Resubmissions
09-04-2024 13:27
240409-qqa5hsbd5t 1009-04-2024 13:27
240409-qp978abd5s 1009-04-2024 13:27
240409-qp9lpabd4y 1009-04-2024 13:27
240409-qp9axsgb32 1018-11-2023 14:44
231118-r4d9rsef94 10Analysis
-
max time kernel
361s -
max time network
364s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
09-04-2024 13:27
Static task
static1
Behavioral task
behavioral1
Sample
New Text Document.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
New Text Document.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
New Text Document.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
New Text Document.exe
Resource
win11-20240221-en
General
-
Target
New Text Document.exe
-
Size
4KB
-
MD5
a239a27c2169af388d4f5be6b52f272c
-
SHA1
0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c
-
SHA256
98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc
-
SHA512
f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da
-
SSDEEP
48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2100 New Text Document.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2100 wrote to memory of 2560 2100 New Text Document.exe 29 PID 2100 wrote to memory of 2560 2100 New Text Document.exe 29 PID 2100 wrote to memory of 2560 2100 New Text Document.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\New Text Document.exe"C:\Users\Admin\AppData\Local\Temp\New Text Document.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2100 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2100 -s 10722⤵PID:2560
-