Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25-04-2024 01:40
General
-
Target
7fee503438f90d0206012674566587b5ecef1d040935809ae308b12842dc6196.exe
-
Size
991KB
-
MD5
189b8ac3c0f8d840f30f4897b2d89773
-
SHA1
e6e6c3bd752cde7cf0677575d9268fc2a2070331
-
SHA256
7fee503438f90d0206012674566587b5ecef1d040935809ae308b12842dc6196
-
SHA512
052b3ccd16b840ff50fecc83229a0e9b432629084ef1a43af02d794debfc95a0aa054840feb3a82631176b08a3fcc8c5542c8052811ba6434e416e339dccbf16
-
SSDEEP
24576:o0QxK82SgCUzIQTTzhp11LP059ncTAG6Ox23:om8lgDIv59nXQ23
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7fee503438f90d0206012674566587b5ecef1d040935809ae308b12842dc6196.exe"C:\Users\Admin\AppData\Local\Temp\7fee503438f90d0206012674566587b5ecef1d040935809ae308b12842dc6196.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2956 -s 5362⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2956-0-0x0000000000840000-0x00000000008A8000-memory.dmpFilesize
416KB
-
memory/2956-1-0x000007FEF5A70000-0x000007FEF645C000-memory.dmpFilesize
9.9MB
-
memory/2956-2-0x000000001B200000-0x000000001B280000-memory.dmpFilesize
512KB
-
memory/2956-3-0x000007FEF5A70000-0x000007FEF645C000-memory.dmpFilesize
9.9MB
-
memory/2956-4-0x000000001B200000-0x000000001B280000-memory.dmpFilesize
512KB