Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 17:42
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 751f32ae70d7695c642c0e469b7b085f.exe
Resource: win7-20231215-en
2 signatures
150 seconds
General
Target: 751f32ae70d7695c642c0e469b7b085f.exe
Size: 9KB
MD5: 751f32ae70d7695c642c0e469b7b085f
SHA1: 29fff9f46b5d30208de2c959b89c3dcf58955269
SHA256: 4851aeb6c5100b7dcf464a7cbc7e09ae00bba780fac4ab4783479a3d6f99deed
SHA512: d5201e38a1b15051a3a498383690a0e70947fd87d411569bb828d46d370b8768be3fd9d0c7a15a504d7238da8e3503c277f2c25593022483c1b2bea5a0e00f67
SSDEEP: 192:wBksunPY82gQv5F4VtaeMZZ3v93VnjdwCzB3U+Xzc:882l4VtaeMJFnhwC9E+Xz
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: 751f32ae70d7695c642c0e469b7b085f.exe
description | pid | process
Token: SeDebugPrivilege | 2052 | 751f32ae70d7695c642c0e469b7b085f.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: 751f32ae70d7695c642c0e469b7b085f.exe
description | pid | process | target process
PID 2052 wrote to memory of 2772 | 2052 | 751f32ae70d7695c642c0e469b7b085f.exe | WerFault.exe
PID 2052 wrote to memory of 2772 | 2052 | 751f32ae70d7695c642c0e469b7b085f.exe | WerFault.exe
PID 2052 wrote to memory of 2772 | 2052 | 751f32ae70d7695c642c0e469b7b085f.exe | WerFault.exe
Processes
"C:\Users\Admin\AppData\Local\Temp\751f32ae70d7695c642c0e469b7b085f.exe" (PID:2052)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
    C:\Windows\system32\WerFault.exe -u -p 2052 -s 896 (PID:2772)