Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
17-01-2024 10:52
General
-
Target
627252e2739bca3c1ffacc25cda7e5de.exe
-
Size
746KB
-
MD5
627252e2739bca3c1ffacc25cda7e5de
-
SHA1
d8f843a86d8ce0f209b9ee2b5212ebced41bf095
-
SHA256
69a91c5ec25c9d0f145bf8b6429483d45f1945511887afcbdddd2c1a3de82c27
-
SHA512
0e1a8c26f8d68c76e31ba64adde179dd0ac23182d8633a0a50c2ea86160c20783f6b1c5127641710383d0169d54e92de81b2c7c416a7dd3854bd919b5e590f8d
-
SSDEEP
12288:ieJKTFl3iZlnBB9fgsBemxiO9WzfBEHht/Tn6flqFxmXxrVw09Vjy/QA:1a3iPBB94ae62JEBhT6flqz709Vjy/R
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\627252e2739bca3c1ffacc25cda7e5de.exe"C:\Users\Admin\AppData\Local\Temp\627252e2739bca3c1ffacc25cda7e5de.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2340 -s 13162⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2340-0-0x0000000001330000-0x00000000013F2000-memory.dmpFilesize
776KB
-
memory/2340-1-0x000007FEF60F0000-0x000007FEF6ADC000-memory.dmpFilesize
9.9MB
-
memory/2340-2-0x000000001B260000-0x000000001B2E0000-memory.dmpFilesize
512KB
-
memory/2340-3-0x0000000000150000-0x0000000000151000-memory.dmpFilesize
4KB
-
memory/2340-4-0x000007FEF60F0000-0x000007FEF6ADC000-memory.dmpFilesize
9.9MB