3ca0bf28baacf269c3f6a7215516ae6c2181487f006f192ecac3537595a792c2

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
Size

9.1MB
MD5

e3e42b4482a18666a45e39bef73fcb8f
SHA1

05014d6b033ad098e164a8f3ae9f18568db92135
SHA256

99ca9f3245265c2f9d395b4b3a8554056e481c6fee98b839c9c5adb5b79e0de2
SHA512

f391bc5fe9e7b549796d1ed6c080ea8558e55d04d78073e7a18c74a91dbd990cd11af3f0fb3d5e2db0b8dff49f0d7e5666c347c4df49ca7d0e6161e82122537c
SSDEEP

196608:/wldEYTmZUQz5qfy1OKCCRmLojXFcvvukPRPdRJ/6bt2jPlt:/whmia5qASumkhcv2qXv7

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2208 set thread context of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1868	2724	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
2724	grpconv.exe
2724	grpconv.exe
2724	grpconv.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2724	grpconv.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2208 wrote to memory of 2724	2208	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	28
PID 2724 wrote to memory of 1868	2724	grpconv.exe	29
PID 2724 wrote to memory of 1868	2724	grpconv.exe	29
PID 2724 wrote to memory of 1868	2724	grpconv.exe	29
PID 2724 wrote to memory of 1868	2724	grpconv.exe	29

C:\Users\Admin\AppData\Local\Temp\99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
"C:\Users\Admin\AppData\Local\Temp\99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\grpconv.exe
  "C:\Windows\system32\grpconv.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 192
    3⤵
    - Program crash
    PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2208-3-0x0000000001220000-0x0000000001B3F000-memory.dmp

Filesize
9.1MB

Download
memory/2208-5-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2208-2-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2208-6-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2208-8-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2208-10-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2208-13-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2208-15-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2208-18-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2208-20-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2208-23-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2208-25-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2208-28-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2208-30-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2208-87-0x0000000001220000-0x0000000001B3F000-memory.dmp

Filesize
9.1MB

Download
memory/2724-33-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-52-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-37-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-39-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-41-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-43-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-45-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-48-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-51-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-35-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-56-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download
memory/2724-57-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2724-59-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2724-62-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2724-64-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2724-31-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2724-88-0x0000000000400000-0x00000000008B5000-memory.dmp

Filesize
4.7MB

Download