e54a32d3b33a04c2c27e054e91fdd3ebeac5ebea85b057f1936dc6646911da2a

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 11:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f0c0b062ca2d5c8c4f0a271289274ec.exe
Size

19KB
MD5

8f0c0b062ca2d5c8c4f0a271289274ec
SHA1

8afc6c1af45c341fd6fc29ed1dc0f04d0f95eca8
SHA256

e54a32d3b33a04c2c27e054e91fdd3ebeac5ebea85b057f1936dc6646911da2a
SHA512

c9a8cc8721be4afb0b031da648c1af13e3324049a784e2f05b7564acb76bd0290f023d0f52be6c2bec10790e12213dadbe0d5502481e00cde53f44b49f8c88a8
SSDEEP

384:IZWiZtDIiI6W3UUnfIR5qzMDR7gFNhWd3Bmn:XdD3UUnfInqAxgFNkd34

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1336	2180	WerFault.exe	25
4476	2180	WerFault.exe	25

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2180	8f0c0b062ca2d5c8c4f0a271289274ec.exe
2180	8f0c0b062ca2d5c8c4f0a271289274ec.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	8f0c0b062ca2d5c8c4f0a271289274ec.exe

C:\Users\Admin\AppData\Local\Temp\8f0c0b062ca2d5c8c4f0a271289274ec.exe
"C:\Users\Admin\AppData\Local\Temp\8f0c0b062ca2d5c8c4f0a271289274ec.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 116824
  2⤵
  - Program crash
  PID:1336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 116860
  2⤵
  - Program crash
  PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2180 -ip 2180
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2180 -ip 2180
1⤵
PID:3088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~!#1632.tmp

Filesize
13KB

MD5
70c7be5b8b96458546224a6c6b7b20a2

SHA1
464c60f4d62a309729d19fac68556d8a9768ddf1

SHA256
d8031d4b4ded9c20eb41d13faed4229bf245b5de1f3ec62c3a0bbd36f2fd4ad5

SHA512
f7540f1698684f9a2db1c3b1454b682d01fed3752245a614be79c0f7bc692a70fe8c1f0e5adf3a8c3191cd819ef17652ab70d98f662f9623fba2bc18204a1b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#16C1.tmp

Filesize
3KB

MD5
f1732cdc49b047925f2f1694d4a307ac

SHA1
fa66605b381a8e9f3d654cdb9235dccd8aaf95da

SHA256
ef4f1a7396c015b86e774acd4fe2299564e891cff0bb0883906bde323506cf2d

SHA512
b624c5140da81b7e57d15257992edbad7aa880dcf3ada77aa43c148735f8e351b8f54ffacbc2a2450996cc3cfbe83de9b3aba5e3a5c5005fb70dccc1aef43437

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#17ED.tmp

Filesize
10KB

MD5
585d591653571b371cb949083ba299dd

SHA1
cd975270fe87e20042104f38d7d8a71f62e40c74

SHA256
474c578acb65197ed896c26d887ac278b298101003954505f6035343ecc4860a

SHA512
001a497e179b6ef5f2f94cfc47d7247b215d03f564c9cccea7deab672edbc05f3a45163f6bc7405891fd63b0e7b8eb2b7f1203efea2eeb83bb23790e94dd24b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#193A.tmp

Filesize
12KB

MD5
be19298d92463b3ac1147c309e8948d9

SHA1
601cc90849fa5eedbddacaec061a4e2f4bf0c5f2

SHA256
833c0bafef364e2fffc3bdfcc8e7af0390686ba1bc4353bd3a02b9603398d8a1

SHA512
c945041d6d74c3211e428c01111d969fdae5d35d3b4f7a0d3f3a98505f3b3cfb8ef3697a11b6989b60519b1b340709480c9c149642a19ec58dc65af8dc78dd19

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1B05.tmp

Filesize
5KB

MD5
15772c906d6046ae103967e108799144

SHA1
3d46b2146f533b5e4fd9a25feb65fd60944cab33

SHA256
ba497024b940ad26d52e3305b88f50e8d30b91a7be537364b5d1a91357f57520

SHA512
20f8930009eac1cd6e97674124f5a81d30b66eeb136b8b9ba579115bb39ee7bdc059d68faf0305ce54fb0b7915d9be9473ee9edb97b0e710c49757b13bc7b8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1B93.tmp

Filesize
10KB

MD5
211d8bf417fdbcd02e92bd02e5852b5f

SHA1
e82a0e34817de7c3cd26984dc0c73f255116ede3

SHA256
2e092a8a00bb2ef4f695ac248343ca057109455c0c467117ee66e9d9ab8aa041

SHA512
cd6d75bf8594e4f089bb7b4a930e480b016059af96c42b06e76a1e71de628042754314fee50cda051eea2508207cae833912f9e24aa1eeef6bd41eef7566ee17

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1C81.tmp

Filesize
18KB

MD5
44ffe44437acea808c3d015350e9881d

SHA1
c962a9526f6e6e598c51ad294e28ef5666703cce

SHA256
cacb8ba6669157771013e6ec4d8148d8584a4d797776077c072b0b765502657b

SHA512
7d17868f7630e27bd4eaca411a494ab51d0e7c8de444b5bd8b33de7a5c182a59e334c9182853f777e7cc5750656a0348ca4fbe9f80bb7fd950ae9e2063020a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#1E4C.tmp

Filesize
7KB

MD5
22d9de642952b56705f7995ffd6092d5

SHA1
fee656f543370e0ca381af6339c341934dba9f8d

SHA256
e4b4ebef0d411c060f583a26ab625e38f2feb79e6359d0c2e97e4cd96d9eb332

SHA512
07d6998026ff54bd1dbe26afc9c7346c1dffa441d92d7b2c94cbe13cdb2a783c2c799efe07a8a1a33667b0bc1c7d4dc6014ed6aee605d88866d1d0825bdf93a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#2132.tmp

Filesize
9KB

MD5
0baafd5d0e6e55977c2c6bd722042583

SHA1
1573a10e87cdccdfb5af50394393b3d96fed64b1

SHA256
ddffd81f26977f646f4011aae599791bbc4802c16fac487a811df59167711813

SHA512
2358c23f79841469e3a9e2fd109170479ea9c1dad2b5e240c631dbe56ef3e605ae35c567e7de7ba3920b387ec51cf5c56a3e01331524dc0482f1598beb939656

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D414.tmp

Filesize
5KB

MD5
2120ed062db970fc35e99385d3a60d5f

SHA1
0a18f4012c0de7bb5a5376bdb5978ee71529879a

SHA256
61901479184f5c7e03d595397ade20033809ca31a3ac8b8570cdf9df3f7b05c6

SHA512
ac5e3f763b78edb3d58562d0387ec86a73074bf70fcfcfd6572c680fcef93e0e501ce09089dc588e38890ea1cf0f8ccde76e340267186b61fe31b7a9ca1f3c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#DE96.tmp

Filesize
9KB

MD5
8b637573d98800cc9693c70e337e34ef

SHA1
c6a0ae05ee5ad689f3d458ff2114d874620caa08

SHA256
2b7e5de7aa781727bf253f6e8e75426885ab8a5b0be177e1a1b87fd354c3dff4

SHA512
b468ae9e8917e038cc4d99669978414e8b022e2344554cd92ebfa74e3500a7d8ff0f990af7cc889e886354504ad5ba350c9f1c2675946c51067572c04ec7e689

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E61F.tmp

Filesize
12KB

MD5
45a2aebb65e1283324041c3cf6e63d76

SHA1
9927b39f89e5d9e4802bd774bb60c50f5d0f2b52

SHA256
660fde3f4e84a59d5e46f28ae4f1cf6ba7dd311099979d943508157f23523e40

SHA512
1112d82d37971fffa519c2fa3713b6076019cf62c7639d47aebc0ab1ade34bd48d5267a83291c11c6d1a2a5bc0a23b69643b0e57a98bbbcb56a2cd1adb61e32b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#ED8B.tmp

Filesize
10KB

MD5
8c1aaeb4d33f110c90c131e821281c4c

SHA1
efb636ad967f0b1fb0db66b3a7bcbcd282664b53

SHA256
ca4fc43938c4ce13311d73fce0215b7c925a0f511f8f2ad890072ab55565b89f

SHA512
6899d1036e4a8f9a285e85a28d19ab6a9a7aa9c073d79aa9e1f74c1fe714e7f0fef09d999f1c2227a6e0539f16f1f6e7faa13ec59898381afa1284e33dc6c66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F477.tmp

Filesize
12KB

MD5
b30737fcfdfdde8fcdf0396d9859f80f

SHA1
f5a08d016fc88d1d85a0fddfcd7d2e4b2525e968

SHA256
bcd8bab8d1aea25a5211e9f25bcd3181d1594ae36351f75cc4db85f3569aff4c

SHA512
97f38c05c5a1d49772ff9cb914f76a993f7802c0fb947de57cc006b8ea6333374725b0c34e014838014070ed49a270ec2d55878f68f4f172edc92c53c6454e20

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#FC90.tmp

Filesize
20KB

MD5
724bc5f333a5f583c972972d6f9722d4

SHA1
99940c70197aa902e585294744d4ae8556e3e201

SHA256
14cff447414941f6b735e224c2eccab61dbc1907cb6a7b955064c052c6ec8eee

SHA512
38a13b9db304ce2ba14696ead0dbdbab7aaef02f3205c7cf876a9a100bbc6b748985dfb6a401dfc5462af73c11fe11aa45dddbf61a12aa088079cd8a513c15a1

Download Submit
memory/2180-107-0x0000000000580000-0x0000000000582000-memory.dmp

Filesize
8KB

Download
memory/2180-0-0x0000000000580000-0x0000000000582000-memory.dmp

Filesize
8KB

Download