Analysis
-
max time kernel
136s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
31/12/2023, 04:18
General
-
Target
27d760cb536ee94e29ef39183e4bddd5.exe
-
Size
264KB
-
MD5
27d760cb536ee94e29ef39183e4bddd5
-
SHA1
5d9b35358bdd338473b830efbef44f287d712887
-
SHA256
72be2ed32f7731e3801d4cb4c55b4772270f66ddd9b67089ec40eb9d8ac02493
-
SHA512
0496c903209a98f2738fb48500d6b06fb7936c68090871dd045e7cdec5dc1132f1fecd4f72501e09a9e42ad3ca36152eadd2c019bbd7a08c21ef10ad71eb48fa
-
SSDEEP
6144:6J/Urq5zYDdoaEcHsFH3e0XPukO23Oc2Zp:xrVDdZj2H3xWkB3Ocs
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: LoadsDriver 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\27d760cb536ee94e29ef39183e4bddd5.exe"C:\Users\Admin\AppData\Local\Temp\27d760cb536ee94e29ef39183e4bddd5.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 4522⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2072 -ip 20721⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
206KB
MD51b925db34ae471de21e899d97ea658f7
SHA15cf2a59cadb95d94763b7537b4b9236aef78eee1
SHA25632a33ccc95a4d9f7f38276c84f7260aded38e91f3e57b7d8cd1c8cdbcc685ecc
SHA512130e59b4ba96bbe26bc19e3b0b778348d6f8c7bef0df59af6918720b918758405bc5365ccc71f32a2bcfdd35005220de3f75265d8f4a9ad203cedb0c7d4ec230
-
Filesize
216KB