02ddc66a92d26f53bb1eede0567cdf318ef19b02d1427ab3c9fead8aa60127f0 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

388d25eb9441f0bdf1bf1e65a14451d8.exe
Size

208KB
MD5

388d25eb9441f0bdf1bf1e65a14451d8
SHA1

a59f9ccc66442e4073ce5a96689116b86689db6d
SHA256

02ddc66a92d26f53bb1eede0567cdf318ef19b02d1427ab3c9fead8aa60127f0
SHA512

77a7ba221e4e8f741d47c8e046279527a3831b8341467bfb1e900c2a6e275208475a8f2e9f8090162d3ce0034764a14d6916b3208e260af33c69904beb518dee
SSDEEP

6144:gtFZYA+ZFXGDEi5dHuksRAu8gGJJ3894d:gtfY9ZwEi50ksRRkG4

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2296	2868	WerFault.exe	14

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2868	388d25eb9441f0bdf1bf1e65a14451d8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2868	388d25eb9441f0bdf1bf1e65a14451d8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2296	2868	388d25eb9441f0bdf1bf1e65a14451d8.exe	15
PID 2868 wrote to memory of 2296	2868	388d25eb9441f0bdf1bf1e65a14451d8.exe	15
PID 2868 wrote to memory of 2296	2868	388d25eb9441f0bdf1bf1e65a14451d8.exe	15
PID 2868 wrote to memory of 2296	2868	388d25eb9441f0bdf1bf1e65a14451d8.exe	15

C:\Users\Admin\AppData\Local\Temp\388d25eb9441f0bdf1bf1e65a14451d8.exe
"C:\Users\Admin\AppData\Local\Temp\388d25eb9441f0bdf1bf1e65a14451d8.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 304
  2⤵
  - Program crash
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads