f753ab193efa83d5cdc02fb7bbda4763940da2d729a5e6ef1f793f778d09b63c | Triage

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 06:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bab2718cb2e3a574c979e2225b647199.exe
Size

9KB
MD5

bab2718cb2e3a574c979e2225b647199
SHA1

7464815cf97ae1125681106ae1c79a4602bbc560
SHA256

f753ab193efa83d5cdc02fb7bbda4763940da2d729a5e6ef1f793f778d09b63c
SHA512

7521b063fdbfd3dca55fd1e614aed6e8f6acab3bc7c07eb1fd743deb53759690d2d0ef7dee8be877b66ad082d413787910b0c00a70769828ea5bd09de1d2ca43
SSDEEP

192:yBksuDrN3y+tH5eMZZ3qJ93VnjdwCz73Ui29:xZj5eMe/FnhwC/b2

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2924	bab2718cb2e3a574c979e2225b647199.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2592	2924	bab2718cb2e3a574c979e2225b647199.exe	28
PID 2924 wrote to memory of 2592	2924	bab2718cb2e3a574c979e2225b647199.exe	28
PID 2924 wrote to memory of 2592	2924	bab2718cb2e3a574c979e2225b647199.exe	28

C:\Users\Admin\AppData\Local\Temp\bab2718cb2e3a574c979e2225b647199.exe
"C:\Users\Admin\AppData\Local\Temp\bab2718cb2e3a574c979e2225b647199.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2924 -s 896
  2⤵
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x0000000000E70000-0x0000000000E78000-memory.dmp

Filesize
32KB

Download
memory/2924-1-0x000007FEF5E80000-0x000007FEF686C000-memory.dmp

Filesize
9.9MB

Download
memory/2924-2-0x000000001B070000-0x000000001B0F0000-memory.dmp

Filesize
512KB

Download
memory/2924-3-0x000007FEF5E80000-0x000007FEF686C000-memory.dmp

Filesize
9.9MB

Download