Resubmissions

09/04/2024, 13:27 UTC

240409-qqa5hsbd5t 10

09/04/2024, 13:27 UTC

240409-qp978abd5s 10

09/04/2024, 13:27 UTC

240409-qp9lpabd4y 10

09/04/2024, 13:27 UTC

240409-qp9axsgb32 10

18/11/2023, 14:44 UTC

231118-r4d9rsef94 10

Analysis

  • max time kernel
    361s
  • max time network
    364s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/04/2024, 13:27 UTC

General

  • Target

    New Text Document.exe

  • Size

    4KB

  • MD5

    a239a27c2169af388d4f5be6b52f272c

  • SHA1

    0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c

  • SHA256

    98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc

  • SHA512

    f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da

  • SSDEEP

    48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New Text Document.exe
    "C:\Users\Admin\AppData\Local\Temp\New Text Document.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2100 -s 1072
      2⤵
        PID:2560

Network

  • flag-us
    DNS
    urlhaus.abuse.ch
    New Text Document.exe
    Remote address:
    8.8.8.8:53
    Request
    urlhaus.abuse.ch
    IN A
    Response
    urlhaus.abuse.ch
    IN CNAME
    p2.shared.global.fastly.net
    p2.shared.global.fastly.net
    IN A
    151.101.2.49
    p2.shared.global.fastly.net
    IN A
    151.101.66.49
    p2.shared.global.fastly.net
    IN A
    151.101.130.49
    p2.shared.global.fastly.net
    IN A
    151.101.194.49
  • 151.101.2.49:443
    urlhaus.abuse.ch
    tls
    New Text Document.exe
    350 B
    219 B
    5
    5
  • 8.8.8.8:53
    urlhaus.abuse.ch
    dns
    New Text Document.exe
    62 B
    167 B
    1
    1

    DNS Request

    urlhaus.abuse.ch

    DNS Response

    151.101.2.49
    151.101.66.49
    151.101.130.49
    151.101.194.49
MITRE ATT&CK Matrix

Downloads

  • memory/2100-0-0x00000000012A0000-0x00000000012A8000-memory.dmp

    Filesize

    32KB

  • memory/2100-1-0x000007FEF5DB0000-0x000007FEF679C000-memory.dmp

    Filesize

    9.9MB

  • memory/2100-2-0x000000001B110000-0x000000001B190000-memory.dmp

    Filesize

    512KB

  • memory/2100-3-0x000007FEF5DB0000-0x000007FEF679C000-memory.dmp

    Filesize

    9.9MB

  • memory/2100-4-0x000000001B110000-0x000000001B190000-memory.dmp

    Filesize

    512KB