577ed9aecfeeab443bd52a829ad4529c1d969deae00beb2f48b2c31def113fe4

Analysis

max time kernel
1175s
max time network
1178s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dump-65f2ad88739a48def5d092b4.exe
Size

1.7MB
MD5

421bad8147070d5b71d8f8d40e722c47
SHA1

01322723fccf3aa00599b6a84cc5ee7f00f0ce2e
SHA256

577ed9aecfeeab443bd52a829ad4529c1d969deae00beb2f48b2c31def113fe4
SHA512

188ae7db2cf008945e4d929806e4b48efadc799e0eae4b3a41ae46fc0f47c7c8b60d2ba6d59c2ffde461f160b88781625e017537087a11e83d572797fb3fb03a
SSDEEP

24576:Lm9AV329EBpshR7V5oNQovdno04qqmg4WWUgnKsPCjViCZMXlp/CWBY:KSw7VeQotoXqHKGPCjVrsp/CWK

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
808	4336	WerFault.exe	88

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1928	svchost.exe

C:\Users\Admin\AppData\Local\Temp\dump-65f2ad88739a48def5d092b4.exe
"C:\Users\Admin\AppData\Local\Temp\dump-65f2ad88739a48def5d092b4.exe"
1⤵
PID:4336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 228
  2⤵
  - Program crash
  PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4336 -ip 4336
1⤵
PID:5112

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-0-0x0000025E91640000-0x0000025E91650000-memory.dmp

Filesize
64KB

Download
memory/1928-16-0x0000025E91740000-0x0000025E91750000-memory.dmp

Filesize
64KB

Download
memory/1928-32-0x0000025E99CB0000-0x0000025E99CB1000-memory.dmp

Filesize
4KB

Download
memory/1928-33-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-34-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-35-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-36-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-37-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-38-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-39-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-40-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-41-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-42-0x0000025E99CE0000-0x0000025E99CE1000-memory.dmp

Filesize
4KB

Download
memory/1928-43-0x0000025E99900000-0x0000025E99901000-memory.dmp

Filesize
4KB

Download
memory/1928-44-0x0000025E998F0000-0x0000025E998F1000-memory.dmp

Filesize
4KB

Download
memory/1928-46-0x0000025E99900000-0x0000025E99901000-memory.dmp

Filesize
4KB

Download
memory/1928-49-0x0000025E998F0000-0x0000025E998F1000-memory.dmp

Filesize
4KB

Download
memory/1928-52-0x0000025E90FF0000-0x0000025E90FF1000-memory.dmp

Filesize
4KB

Download
memory/1928-64-0x0000025E99A30000-0x0000025E99A31000-memory.dmp

Filesize
4KB

Download
memory/1928-66-0x0000025E99A40000-0x0000025E99A41000-memory.dmp

Filesize
4KB

Download
memory/1928-67-0x0000025E99A40000-0x0000025E99A41000-memory.dmp

Filesize
4KB

Download
memory/1928-68-0x0000025E99B50000-0x0000025E99B51000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads