Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:42

General

  • Target

    751f32ae70d7695c642c0e469b7b085f.exe

  • Size

    9KB

  • MD5

    751f32ae70d7695c642c0e469b7b085f

  • SHA1

    29fff9f46b5d30208de2c959b89c3dcf58955269

  • SHA256

    4851aeb6c5100b7dcf464a7cbc7e09ae00bba780fac4ab4783479a3d6f99deed

  • SHA512

    d5201e38a1b15051a3a498383690a0e70947fd87d411569bb828d46d370b8768be3fd9d0c7a15a504d7238da8e3503c277f2c25593022483c1b2bea5a0e00f67

  • SSDEEP

    192:wBksunPY82gQv5F4VtaeMZZ3v93VnjdwCzB3U+Xzc:882l4VtaeMJFnhwC9E+Xz

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\751f32ae70d7695c642c0e469b7b085f.exe
    "C:\Users\Admin\AppData\Local\Temp\751f32ae70d7695c642c0e469b7b085f.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2052 -s 896
      2⤵
        PID:2772

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2052-0-0x00000000003E0000-0x00000000003E8000-memory.dmp

      Filesize

      32KB

    • memory/2052-1-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

      Filesize

      9.9MB

    • memory/2052-2-0x000000001AAD0000-0x000000001AB50000-memory.dmp

      Filesize

      512KB

    • memory/2052-3-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

      Filesize

      9.9MB

    • memory/2052-4-0x000000001AAD0000-0x000000001AB50000-memory.dmp

      Filesize

      512KB