00deb73a1738a3b3bfd9504b70775d668581f504481c7f37c20831504f9b77aa

Analysis

max time kernel
144s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

сентябрь 2023(570)/07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe
Size

523KB
MD5

2ee45a8f29a2a9650ecf303ba28ddf87
SHA1

36fc7927deda663b5dea936f952e047a28ce1ed5
SHA256

07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a
SHA512

3be0aec6f0e7a13c69a81760ae1aaec7990416071087a4799f11ec9852ba475d80e6b5481b7f45f9f444747cec13160a5c015f2e6fb4dde0f79a8ad94333c046
SSDEEP

12288:QjVtZ5/eTpd/upd/E2PKhk246c4MrgrMU0OViUYQF2xRTSns:QjTZ5GsPKWTQMQViUY1Xss

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2152 4708 WerFault.exe 07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe

pid	pid_target	process	target process
2152	4708	WerFault.exe	07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe

pid	process
4708	07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe
4708	07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe

description pid process

Token: SeDebugPrivilege 4708 07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe

description	pid	process
Token: SeDebugPrivilege	4708	07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe

C:\Users\Admin\AppData\Local\Temp\сентябрь 2023(570)\07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe
"C:\Users\Admin\AppData\Local\Temp\сентябрь 2023(570)\07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 1092
2⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4708 -ip 4708
1⤵
PID:4080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4708-1-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/4708-0-0x00000000003A0000-0x000000000042A000-memory.dmp

Filesize
552KB

Download
memory/4708-3-0x0000000004DE0000-0x0000000004E4C000-memory.dmp

Filesize
432KB

Download
memory/4708-5-0x0000000004FC0000-0x0000000005052000-memory.dmp

Filesize
584KB

Download
memory/4708-7-0x0000000004ED0000-0x0000000004EE2000-memory.dmp

Filesize
72KB

Download
memory/4708-8-0x0000000004F20000-0x0000000004F4A000-memory.dmp

Filesize
168KB

Download
memory/4708-10-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-48-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-59-0x0000000004F60000-0x0000000004F61000-memory.dmp

Filesize
4KB

Download
memory/4708-58-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-56-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-54-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-60-0x0000000005B80000-0x0000000005C1C000-memory.dmp

Filesize
624KB

Download
memory/4708-52-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-50-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-46-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-44-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-42-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-40-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-38-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-61-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/4708-36-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-34-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-32-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-30-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-28-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-26-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-24-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-22-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-20-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-18-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-16-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-14-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-12-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-9-0x0000000004F20000-0x0000000004F43000-memory.dmp

Filesize
140KB

Download
memory/4708-6-0x0000000005060000-0x00000000053B4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-4-0x00000000054D0000-0x0000000005A74000-memory.dmp

Filesize
5.6MB

Download
memory/4708-2-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download