Analysis
max time kernel:  122s
max time network: 123s
platform:         windows7_x64
resource:         win7-20231215-en
resource tags:    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted:        16/01/2024, 14:16
Behavioral task: behavioral1
  Sample:   6016c8d09f27df7f074eab8f3b509a78.exe
  Resource: win7-20231215-en
  3 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:   6016c8d09f27df7f074eab8f3b509a78.exe
  Resource: win10v2004-20231222-en
  2 signatures, 150 seconds
General
Target: 6016c8d09f27df7f074eab8f3b509a78.exe
Size:   135KB
MD5:    6016c8d09f27df7f074eab8f3b509a78
SHA1:   0de66485ee0a7fc1292b0212a737e63ad5c7d699
SHA256: d7f74009987ea259d06d106e7b6f862d3a2e8c33a29133b927afa6252bf33e2d
SHA512: 5532243f90f2f2b8fd10811ef89de2dc2a2e6040f91c177a6780a3f01eb0d0ca676dc0e21c206ab15f319b247244a1a01d05d9282ffcb0b1c9370200c26ac6d5
SSDEEP: 3072:HjcptR8ys23xbrO19g3+HBzeDsvRBwP4Q6j+0Pq3M:HAptR8ysMxyu+h9BwPH6Xq8
Score:  3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2636  2168        WerFault.exe  16

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                 pid   Process
  Token: SeDebugPrivilege     2168  6016c8d09f27df7f074eab8f3b509a78.exe
  Token: SeShutdownPrivilege  2168  6016c8d09f27df7f074eab8f3b509a78.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2168 wrote to memory of 2636  2168  6016c8d09f27df7f074eab8f3b509a78.exe  30
  PID 2168 wrote to memory of 2636  2168  6016c8d09f27df7f074eab8f3b509a78.exe  30
  PID 2168 wrote to memory of 2636  2168  6016c8d09f27df7f074eab8f3b509a78.exe  30
  PID 2168 wrote to memory of 2636  2168  6016c8d09f27df7f074eab8f3b509a78.exe  30
Processes

1. C:\Users\Admin\AppData\Local\Temp\6016c8d09f27df7f074eab8f3b509a78.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\6016c8d09f27df7f074eab8f3b509a78.exe"
   PID: 2168
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\WerFault.exe (child of PID 2168)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 264
      PID: 2636
      - Program crash