85d8770f486f5c178e987899f13d60a0ccde88af28fdbdf2a56f2401a413171c | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 04:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73ca7511afa561dc024dc1171c824215.exe
Size

9KB
MD5

73ca7511afa561dc024dc1171c824215
SHA1

37b23f47163de74fa8461923e720ccfe6328dda2
SHA256

85d8770f486f5c178e987899f13d60a0ccde88af28fdbdf2a56f2401a413171c
SHA512

ba009479721c13900501a3a36de0b303403c7026fc77e1bec738c494aa874e15aa4dda524857f919c244695b0e09b15ce2fad166b5495ec87e732c12a39b4e0a
SSDEEP

192:8BksurEXVwVRFeMZZ3m93VnjdwCzE36XcqWAdOX:IVwzFeMaFnhwCgqJd

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3028	73ca7511afa561dc024dc1171c824215.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2652	3028	73ca7511afa561dc024dc1171c824215.exe	28
PID 3028 wrote to memory of 2652	3028	73ca7511afa561dc024dc1171c824215.exe	28
PID 3028 wrote to memory of 2652	3028	73ca7511afa561dc024dc1171c824215.exe	28

C:\Users\Admin\AppData\Local\Temp\73ca7511afa561dc024dc1171c824215.exe
"C:\Users\Admin\AppData\Local\Temp\73ca7511afa561dc024dc1171c824215.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3028 -s 900
  2⤵
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x0000000000900000-0x0000000000908000-memory.dmp

Filesize
32KB

Download
memory/3028-1-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-2-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/3028-3-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download