87940feda6607f7660227942f65fe3c43424b6eb1e2f03476cea06823cbbd1aa

Analysis

max time kernel
139s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c4bda149d2de628286ae87ca424dd54.exe
Size

3.4MB
MD5

5c4bda149d2de628286ae87ca424dd54
SHA1

50476880a68a876ef49022a3316f95e647412156
SHA256

87940feda6607f7660227942f65fe3c43424b6eb1e2f03476cea06823cbbd1aa
SHA512

c8209f0464e64cabc3c21da4a2a4d22a83eb7bd6cdea47fde8180749e9e30b60d945be4549ba5dd24a386d2792fb279ccd93d905be24b8e4f7df53972a22573f
SSDEEP

98304:lZDSTWBhqrajhQ2F8upucqIfFc/8PKyy7rHu6n:LDYyhqmjyRcquFc/TVq6n

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3792	5c4bda149d2de628286ae87ca424dd54.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2768	3792	WerFault.exe	85

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe
3792	5c4bda149d2de628286ae87ca424dd54.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3792	5c4bda149d2de628286ae87ca424dd54.exe

C:\Users\Admin\AppData\Local\Temp\5c4bda149d2de628286ae87ca424dd54.exe
"C:\Users\Admin\AppData\Local\Temp\5c4bda149d2de628286ae87ca424dd54.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3792
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 1752
  2⤵
  - Program crash
  PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3792 -ip 3792
1⤵
PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3792-0-0x0000000000400000-0x00000000009A7000-memory.dmp

Filesize
5.7MB

Download
memory/3792-1-0x0000000002720000-0x0000000002768000-memory.dmp

Filesize
288KB

Download
memory/3792-2-0x0000000000400000-0x00000000009A7000-memory.dmp

Filesize
5.7MB

Download
memory/3792-3-0x0000000000400000-0x00000000009A7000-memory.dmp

Filesize
5.7MB

Download
memory/3792-5-0x0000000002720000-0x0000000002768000-memory.dmp

Filesize
288KB

Download
memory/3792-4-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/3792-6-0x0000000075EF0000-0x0000000076105000-memory.dmp

Filesize
2.1MB

Download
memory/3792-7-0x0000000076DA0000-0x0000000077021000-memory.dmp

Filesize
2.5MB

Download
memory/3792-8-0x0000000074100000-0x00000000748B0000-memory.dmp

Filesize
7.7MB

Download
memory/3792-9-0x00000000764C0000-0x00000000765A3000-memory.dmp

Filesize
908KB

Download
memory/3792-10-0x0000000000400000-0x00000000009A7000-memory.dmp

Filesize
5.7MB

Download
memory/3792-11-0x0000000072B90000-0x0000000072C19000-memory.dmp

Filesize
548KB

Download
memory/3792-12-0x00000000052A0000-0x0000000005844000-memory.dmp

Filesize
5.6MB

Download
memory/3792-13-0x0000000005850000-0x00000000058E2000-memory.dmp

Filesize
584KB

Download
memory/3792-14-0x0000000075830000-0x0000000075DE3000-memory.dmp

Filesize
5.7MB

Download
memory/3792-15-0x0000000002D20000-0x0000000002D30000-memory.dmp

Filesize
64KB

Download
memory/3792-16-0x0000000002D30000-0x0000000002D3A000-memory.dmp

Filesize
40KB

Download
memory/3792-17-0x0000000005AA0000-0x0000000005BEE000-memory.dmp

Filesize
1.3MB

Download
memory/3792-18-0x0000000000400000-0x00000000009A7000-memory.dmp

Filesize
5.7MB

Download
memory/3792-19-0x0000000075EF0000-0x0000000076105000-memory.dmp

Filesize
2.1MB

Download
memory/3792-22-0x0000000076690000-0x000000007670B000-memory.dmp

Filesize
492KB

Download
memory/3792-21-0x00000000770B0000-0x00000000770D4000-memory.dmp

Filesize
144KB

Download
memory/3792-25-0x0000000005C80000-0x0000000005C96000-memory.dmp

Filesize
88KB

Download
memory/3792-23-0x0000000005C30000-0x0000000005C72000-memory.dmp

Filesize
264KB

Download
memory/3792-20-0x0000000002D40000-0x0000000002D54000-memory.dmp

Filesize
80KB

Download
memory/3792-24-0x0000000076A30000-0x0000000076B50000-memory.dmp

Filesize
1.1MB

Download
memory/3792-26-0x0000000076970000-0x0000000076A2F000-memory.dmp

Filesize
764KB

Download
memory/3792-27-0x00000000762F0000-0x00000000763AF000-memory.dmp

Filesize
764KB

Download
memory/3792-29-0x0000000075070000-0x00000000750C2000-memory.dmp

Filesize
328KB

Download
memory/3792-30-0x0000000074FF0000-0x0000000075064000-memory.dmp

Filesize
464KB

Download
memory/3792-31-0x0000000076DA0000-0x0000000077021000-memory.dmp

Filesize
2.5MB

Download
memory/3792-32-0x0000000077210000-0x00000000772A6000-memory.dmp

Filesize
600KB

Download
memory/3792-33-0x00000000749B0000-0x00000000749D4000-memory.dmp

Filesize
144KB

Download
memory/3792-34-0x00000000767C0000-0x0000000076805000-memory.dmp

Filesize
276KB

Download
memory/3792-35-0x00000000748D0000-0x000000007495D000-memory.dmp

Filesize
564KB

Download
memory/3792-36-0x00000000748C0000-0x00000000748CF000-memory.dmp

Filesize
60KB

Download
memory/3792-37-0x00000000748B0000-0x00000000748B8000-memory.dmp

Filesize
32KB

Download
memory/3792-38-0x0000000074100000-0x00000000748B0000-memory.dmp

Filesize
7.7MB

Download
memory/3792-39-0x00000000740E0000-0x00000000740F4000-memory.dmp

Filesize
80KB

Download
memory/3792-40-0x0000000074030000-0x00000000740DB000-memory.dmp

Filesize
684KB

Download
memory/3792-42-0x0000000072B90000-0x0000000072C19000-memory.dmp

Filesize
548KB

Download
memory/3792-43-0x0000000075ED0000-0x0000000075EE9000-memory.dmp

Filesize
100KB

Download
memory/3792-44-0x0000000071000000-0x000000007101F000-memory.dmp

Filesize
124KB

Download
memory/3792-45-0x0000000070FE0000-0x0000000070FF2000-memory.dmp

Filesize
72KB

Download
memory/3792-46-0x0000000002D20000-0x0000000002D30000-memory.dmp

Filesize
64KB

Download
memory/3792-47-0x0000000070340000-0x0000000070550000-memory.dmp

Filesize
2.1MB

Download
memory/3792-48-0x0000000008ED0000-0x0000000008F6C000-memory.dmp

Filesize
624KB

Download
memory/3792-49-0x0000000002720000-0x0000000002768000-memory.dmp

Filesize
288KB

Download
memory/3792-50-0x0000000000400000-0x00000000009A7000-memory.dmp

Filesize
5.7MB

Download
memory/3792-51-0x0000000075EF0000-0x0000000076105000-memory.dmp

Filesize
2.1MB

Download
memory/3792-52-0x00000000770B0000-0x00000000770D4000-memory.dmp

Filesize
144KB

Download
memory/3792-54-0x0000000076A30000-0x0000000076B50000-memory.dmp

Filesize
1.1MB

Download
memory/3792-55-0x0000000076970000-0x0000000076A2F000-memory.dmp

Filesize
764KB

Download
memory/3792-56-0x0000000076B50000-0x0000000076BC5000-memory.dmp

Filesize
468KB

Download
memory/3792-57-0x00000000762F0000-0x00000000763AF000-memory.dmp

Filesize
764KB

Download
memory/3792-60-0x0000000074FF0000-0x0000000075064000-memory.dmp

Filesize
464KB

Download
memory/3792-59-0x0000000075070000-0x00000000750C2000-memory.dmp

Filesize
328KB

Download
memory/3792-61-0x0000000076DA0000-0x0000000077021000-memory.dmp

Filesize
2.5MB

Download
memory/3792-62-0x0000000077210000-0x00000000772A6000-memory.dmp

Filesize
600KB

Download
memory/3792-65-0x00000000748D0000-0x000000007495D000-memory.dmp

Filesize
564KB

Download
memory/3792-68-0x0000000074100000-0x00000000748B0000-memory.dmp

Filesize
7.7MB

Download
memory/3792-70-0x0000000074030000-0x00000000740DB000-memory.dmp

Filesize
684KB

Download
memory/3792-74-0x0000000071000000-0x000000007101F000-memory.dmp

Filesize
124KB

Download
memory/3792-76-0x0000000070E70000-0x0000000070FD9000-memory.dmp

Filesize
1.4MB

Download
memory/3792-77-0x0000000076C80000-0x0000000076C86000-memory.dmp

Filesize
24KB

Download
memory/3792-78-0x0000000076810000-0x0000000076873000-memory.dmp

Filesize
396KB

Download
memory/3792-73-0x0000000075ED0000-0x0000000075EE9000-memory.dmp

Filesize
100KB

Download
memory/3792-72-0x0000000072B90000-0x0000000072C19000-memory.dmp

Filesize
548KB

Download
memory/3792-71-0x00000000764C0000-0x00000000765A3000-memory.dmp

Filesize
908KB

Download
memory/3792-69-0x00000000740E0000-0x00000000740F4000-memory.dmp

Filesize
80KB

Download
memory/3792-64-0x00000000767C0000-0x0000000076805000-memory.dmp

Filesize
276KB

Download