Analysis
max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
15-01-2024 03:28
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
5c044e74d13cfccc7e1e574d8fa18121.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
5c044e74d13cfccc7e1e574d8fa18121.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
5c044e74d13cfccc7e1e574d8fa18121.exe
Size
9KB
MD5
5c044e74d13cfccc7e1e574d8fa18121
SHA1
aeadf410569c9d2c8e970c7740b88125f2a139d4
SHA256
5433feaf85f8c05dd1c80e069ae6b2a5b0b1295897f499c6381b73d2a64be050
SHA512
2bd58bf27259f6e9d3926ebc6577a8818d74788f30e9e054493038d19c7e0c58ff730f0cdbd7a27dad458950637bd3d1c7201b83b41837e7214c0c21630b9fd0
SSDEEP
192:VBksuDm6N7oy1mPeMZZ3D93VnjdwqzK3KS9:B4xoPeMVFnhwq+6S
Score
1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2832 | 5c044e74d13cfccc7e1e574d8fa18121.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2832 wrote to memory of 2660 | 2832 | 5c044e74d13cfccc7e1e574d8fa18121.exe | 28
PID 2832 wrote to memory of 2660 | 2832 | 5c044e74d13cfccc7e1e574d8fa18121.exe | 28
PID 2832 wrote to memory of 2660 | 2832 | 5c044e74d13cfccc7e1e574d8fa18121.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\5c044e74d13cfccc7e1e574d8fa18121.exe
   "C:\Users\Admin\AppData\Local\Temp\5c044e74d13cfccc7e1e574d8fa18121.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   PID: 2832
2. C:\Windows\system32\WerFault.exe
   C:\Windows\system32\WerFault.exe -u -p 2832 -s 896
   PID: 2660