a9aae62e8504c35c56a23e74e28fe910768055219da2d8824ae70e23cf2bff62 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 02:39

Sharing

Report Analysis Logs

General

Target

aaca13f9da1acf74af6c7096c6bc3225.exe
Size

9KB
MD5

aaca13f9da1acf74af6c7096c6bc3225
SHA1

56e16ad18853bd9f843c2acef0fbb2c5d451b633
SHA256

a9aae62e8504c35c56a23e74e28fe910768055219da2d8824ae70e23cf2bff62
SHA512

c1480139fedf67573aeea4f2432b411bc474d589719f9aa5de912626994a09cdb5b1aeb955dc26df6bf8b70a0cec9772f03e68f70554e2a564e161a1f3f3e772
SSDEEP

192:CnBksuXm6N7oy1ntLeMZZ3t93Vnjdwqzl3j69GN:W4xJtLeMXFnhwqhO9G

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	948	aaca13f9da1acf74af6c7096c6bc3225.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2644	948	aaca13f9da1acf74af6c7096c6bc3225.exe	28
PID 948 wrote to memory of 2644	948	aaca13f9da1acf74af6c7096c6bc3225.exe	28
PID 948 wrote to memory of 2644	948	aaca13f9da1acf74af6c7096c6bc3225.exe	28

C:\Users\Admin\AppData\Local\Temp\aaca13f9da1acf74af6c7096c6bc3225.exe
"C:\Users\Admin\AppData\Local\Temp\aaca13f9da1acf74af6c7096c6bc3225.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 948 -s 904
  2⤵
  PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-0-0x0000000000EE0000-0x0000000000EE8000-memory.dmp

Filesize
32KB

Download
memory/948-1-0x000007FEF5930000-0x000007FEF631C000-memory.dmp

Filesize
9.9MB

Download
memory/948-2-0x000000001B1E0000-0x000000001B260000-memory.dmp

Filesize
512KB

Download
memory/948-3-0x000007FEF5930000-0x000007FEF631C000-memory.dmp

Filesize
9.9MB

Download