3ca0bf28baacf269c3f6a7215516ae6c2181487f006f192ecac3537595a792c2

Analysis

max time kernel
137s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
Size

9.1MB
MD5

e3e42b4482a18666a45e39bef73fcb8f
SHA1

05014d6b033ad098e164a8f3ae9f18568db92135
SHA256

99ca9f3245265c2f9d395b4b3a8554056e481c6fee98b839c9c5adb5b79e0de2
SHA512

f391bc5fe9e7b549796d1ed6c080ea8558e55d04d78073e7a18c74a91dbd990cd11af3f0fb3d5e2db0b8dff49f0d7e5666c347c4df49ca7d0e6161e82122537c
SSDEEP

196608:/wldEYTmZUQz5qfy1OKCCRmLojXFcvvukPRPdRJ/6bt2jPlt:/whmia5qASumkhcv2qXv7

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1084 set thread context of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27

Program crash 1 IoCs

pid	pid_target	Process
3808	4620	WerFault.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
4620	CredentialUIBroker.exe
4620	CredentialUIBroker.exe
4620	CredentialUIBroker.exe
4620	CredentialUIBroker.exe
4620	CredentialUIBroker.exe
4620	CredentialUIBroker.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4620	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27
PID 1084 wrote to memory of 4620	1084	99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe	27

C:\Users\Admin\AppData\Local\Temp\99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe
"C:\Users\Admin\AppData\Local\Temp\99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\CredentialUIBroker.exe
  "C:\Windows\system32\CredentialUIBroker.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4620 -ip 4620
1⤵
PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 472
1⤵
- Program crash
PID:3808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1084-0-0x0000000001AE0000-0x0000000001AE1000-memory.dmp

Filesize
4KB

Download
memory/1084-4-0x0000000001B30000-0x0000000001B31000-memory.dmp

Filesize
4KB

Download
memory/1084-6-0x0000000001B60000-0x0000000001B61000-memory.dmp

Filesize
4KB

Download
memory/1084-1-0x0000000001AF0000-0x0000000001AF1000-memory.dmp

Filesize
4KB

Download
memory/1084-2-0x0000000001B20000-0x0000000001B21000-memory.dmp

Filesize
4KB

Download
memory/1084-3-0x0000000000820000-0x000000000113F000-memory.dmp

Filesize
9.1MB

Download
memory/1084-5-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/1084-27-0x0000000000820000-0x000000000113F000-memory.dmp

Filesize
9.1MB

Download
memory/4620-22-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/4620-12-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-24-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/4620-23-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/4620-15-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-21-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/4620-20-0x0000000000F20000-0x0000000000F21000-memory.dmp

Filesize
4KB

Download
memory/4620-16-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-18-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/4620-19-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-11-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-10-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-28-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-8-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-14-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-13-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-9-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download
memory/4620-7-0x0000000000920000-0x0000000000DD5000-memory.dmp

Filesize
4.7MB

Download