Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
27-12-2023 09:11
General
-
Target
abd27e2a444507435b20c67464936014.exe
-
Size
21KB
-
MD5
abd27e2a444507435b20c67464936014
-
SHA1
2b9daae5133ce4b4757b1a0a9a7d5b52d0f6611e
-
SHA256
5fabb2bb7a4b5d30e340ee071663d9e221bc6ba3328cf13368996051c9d67721
-
SHA512
4555dbf2c9066d0bbed9f72bf9ac56ffbe409839669d5be38efe436bb32dc760f17d57c455ff74b394f7aefabd8872a9e52c036e1005e4447d0d5e7beb0a6750
-
SSDEEP
384:Iv4dxX5EOddFNuYd79l+JUUo+BoUy5i8Y/TIC/TaQ:IgTeOddFkYd79cJUUo+qRDYrPuQ
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\abd27e2a444507435b20c67464936014.exe"C:\Users\Admin\AppData\Local\Temp\abd27e2a444507435b20c67464936014.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2100 -s 9682⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2100-0-0x0000000000A10000-0x0000000000A1C000-memory.dmpFilesize
48KB
-
memory/2100-1-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmpFilesize
9.9MB
-
memory/2100-2-0x00000000003D0000-0x0000000000450000-memory.dmpFilesize
512KB
-
memory/2100-3-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmpFilesize
9.9MB
-
memory/2100-4-0x00000000003D0000-0x0000000000450000-memory.dmpFilesize
512KB