Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
21-04-2024 01:14
Static task
static1
Behavioral task
behavioral1
Sample
95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
-
Target
95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe
-
Size
404KB
-
MD5
15ce9e885610d5b85500ea0d139f6d21
-
SHA1
99f1392185a70453f33e15d6f5b75064217c2c18
-
SHA256
95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e
-
SHA512
9ee8e3fb682cf7abb5804106f841551f2f0fd8ace9842e67f3bda573772d39a6482d19e853de5a9a48d177350a3398cb814105ced01fdfb1be6db7e8bc9055b9
-
SSDEEP
6144:/IJTLRoSz47P8DiLdwXQIPcnEPjj9tQPBBpRPZi9opzUeqcnoKPcmPuJkJ:wlRoSz4j8DM6gIxfUP+2Ye9oCcmf
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exedescription pid process Token: SeDebugPrivilege 2228 95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exedescription pid process target process PID 2228 wrote to memory of 2256 2228 95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe WerFault.exe PID 2228 wrote to memory of 2256 2228 95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe WerFault.exe PID 2228 wrote to memory of 2256 2228 95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe"C:\Users\Admin\AppData\Local\Temp\95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2228 -s 5682⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2228-0-0x00000000009D0000-0x00000000009DE000-memory.dmpFilesize
56KB
-
memory/2228-1-0x000007FEF5600000-0x000007FEF5FEC000-memory.dmpFilesize
9.9MB
-
memory/2228-2-0x0000000000520000-0x00000000005A0000-memory.dmpFilesize
512KB
-
memory/2228-3-0x000007FEF5600000-0x000007FEF5FEC000-memory.dmpFilesize
9.9MB
-
memory/2228-4-0x0000000000520000-0x00000000005A0000-memory.dmpFilesize
512KB