Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 13/03/2024, 23:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c716d70add332e6327654df689826aab.exe
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
c716d70add332e6327654df689826aab.exe
Resource
win10v2004-20240226-en
1 signatures
150 seconds
General
- Target: c716d70add332e6327654df689826aab.exe
- Size: 9KB
- MD5: c716d70add332e6327654df689826aab
- SHA1: fd8cb9a7e87bf998772c28c572950ba0e1373f42
- SHA256: 04441b8fe3ccee5cde4e39999002d2a8cf5f1fb44c5cae9c8360cb1b2f7a3bc1
- SHA512: afcab39bb98a2d49391f1b52f0fa81f36a8799a8866f57b42c739908212ff9bc0f3f9f23d9cb10b186645944af881d38d38d11ce9e2b98369922c5ef0193dd2f
- SSDEEP: 192:nBksun9MuIz9eMZZ3d93VnjdwqzWv3xN:8le9eMHFnhwqKh
Score
1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2020 | c716d70add332e6327654df689826aab.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2020 wrote to memory of 2584 | 2020 | c716d70add332e6327654df689826aab.exe | 28
  PID 2020 wrote to memory of 2584 | 2020 | c716d70add332e6327654df689826aab.exe | 28
  PID 2020 wrote to memory of 2584 | 2020 | c716d70add332e6327654df689826aab.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\c716d70add332e6327654df689826aab.exe
  "C:\Users\Admin\AppData\Local\Temp\c716d70add332e6327654df689826aab.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2020
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 2020 -s 892
    PID:2584