Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
01-01-2024 19:46
Behavioral task
behavioral1
Sample
Trainerv10exe.exe
Resource
win7-20231215-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Trainerv10exe.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
Trainerv10exe.exe
-
Size
1.3MB
-
MD5
93f36079ec006937a740fdab9163f81d
-
SHA1
6dac1e093e259bebbaeebf8498ff2fe6b1e61c3e
-
SHA256
4efbc987e858c66a9b0e30126c8b6850000e22c2302fe87589e863e967b41d2f
-
SHA512
9b86ecc5bbe2de6c550ff2e10900ae4e15cbb209059069069a5194a0f49be9f01568873d1cec94f71cbf89ff240de355b29e81c3a71da2e042793be4914fdf1c
-
SSDEEP
24576:3OpSEmnjglsX4yy471U0+ITg1gC0EOI88TiSDS59d1vSbJ7:e2n0qX4y7BVc1qEO0Tc9SV7
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2404 Trainerv10exe.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2404 Trainerv10exe.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2404 wrote to memory of 2892 2404 Trainerv10exe.exe 28 PID 2404 wrote to memory of 2892 2404 Trainerv10exe.exe 28 PID 2404 wrote to memory of 2892 2404 Trainerv10exe.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Trainerv10exe.exe"C:\Users\Admin\AppData\Local\Temp\Trainerv10exe.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2404 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2404 -s 8362⤵PID:2892
-