Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
01-01-2024 18:51
Behavioral task
behavioral1
Sample
Trainer.v1.0.exe
Resource
win7-20231129-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Trainer.v1.0.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
Trainer.v1.0.exe
-
Size
1.3MB
-
MD5
93f36079ec006937a740fdab9163f81d
-
SHA1
6dac1e093e259bebbaeebf8498ff2fe6b1e61c3e
-
SHA256
4efbc987e858c66a9b0e30126c8b6850000e22c2302fe87589e863e967b41d2f
-
SHA512
9b86ecc5bbe2de6c550ff2e10900ae4e15cbb209059069069a5194a0f49be9f01568873d1cec94f71cbf89ff240de355b29e81c3a71da2e042793be4914fdf1c
-
SSDEEP
24576:3OpSEmnjglsX4yy471U0+ITg1gC0EOI88TiSDS59d1vSbJ7:e2n0qX4y7BVc1qEO0Tc9SV7
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2928 Trainer.v1.0.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2928 Trainer.v1.0.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2928 wrote to memory of 1808 2928 Trainer.v1.0.exe 28 PID 2928 wrote to memory of 1808 2928 Trainer.v1.0.exe 28 PID 2928 wrote to memory of 1808 2928 Trainer.v1.0.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Trainer.v1.0.exe"C:\Users\Admin\AppData\Local\Temp\Trainer.v1.0.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2928 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2928 -s 7602⤵PID:1808
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2872