2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-05-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
Size

97.8MB
MD5

06dd7aeb509dea5a0e9144fc7144eb4a
SHA1

b5eae7cb0e4c3191a86b79a140adc14552214429
SHA256

2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7
SHA512

e4f7d583a66b1e7b197f9c35ffb570a6becfbb0aa323959e8dcecc7a39d6a0fa0783868f4175b250b5d3078f82a4f373d57ab2c13b2c964c314c16e561888841
SSDEEP

786432:WWXgFdAWTpQXBVBEEIVeHDWIBV0aMoSctbw17Qm+Lf0XeuGU:WWadAPKeh0ew1pH

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2756 2372 WerFault.exe 2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

description pid process

Token: SeDebugPrivilege 2372 2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

pid	pid_target	process	target process
2756	2372	WerFault.exe	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

description	pid	process
Token: SeDebugPrivilege	2372	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

description	pid	process	target process
PID 2372 wrote to memory of 2756	2372	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe	WerFault.exe
PID 2372 wrote to memory of 2756	2372	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe	WerFault.exe
PID 2372 wrote to memory of 2756	2372	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe	WerFault.exe
PID 2372 wrote to memory of 2756	2372	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
"C:\Users\Admin\AppData\Local\Temp\2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 748
  2⤵
  - Program crash
  PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2372-3-0x00000000069C0000-0x0000000007349000-memory.dmp

Filesize
9.5MB

Download
memory/2372-36-0x0000000001384000-0x0000000001385000-memory.dmp

Filesize
4KB

Download
memory/2372-49-0x0000000006450000-0x0000000006462000-memory.dmp

Filesize
72KB

Download
memory/2372-52-0x0000000006450000-0x0000000006462000-memory.dmp

Filesize
72KB

Download
memory/2372-48-0x0000000006590000-0x0000000006622000-memory.dmp

Filesize
584KB

Download
memory/2372-45-0x0000000006590000-0x0000000006622000-memory.dmp

Filesize
584KB

Download
memory/2372-41-0x0000000006840000-0x0000000006945000-memory.dmp

Filesize
1.0MB

Download
memory/2372-40-0x00000000063F0000-0x00000000063F9000-memory.dmp

Filesize
36KB

Download
memory/2372-37-0x00000000063F0000-0x00000000063F9000-memory.dmp

Filesize
36KB

Download
memory/2372-35-0x0000000006510000-0x0000000006585000-memory.dmp

Filesize
468KB

Download
memory/2372-44-0x0000000006840000-0x0000000006945000-memory.dmp

Filesize
1.0MB

Download
memory/2372-11-0x0000000000E20000-0x0000000000E60000-memory.dmp

Filesize
256KB

Download
memory/2372-32-0x0000000006510000-0x0000000006585000-memory.dmp

Filesize
468KB

Download
memory/2372-31-0x0000000006380000-0x00000000063A8000-memory.dmp

Filesize
160KB

Download
memory/2372-28-0x0000000006380000-0x00000000063A8000-memory.dmp

Filesize
160KB

Download
memory/2372-27-0x00000000061C0000-0x00000000061CC000-memory.dmp

Filesize
48KB

Download
memory/2372-24-0x00000000061C0000-0x00000000061CC000-memory.dmp

Filesize
48KB

Download
memory/2372-23-0x0000000006180000-0x0000000006195000-memory.dmp

Filesize
84KB

Download
memory/2372-20-0x0000000006180000-0x0000000006195000-memory.dmp

Filesize
84KB

Download
memory/2372-19-0x00000000061A0000-0x00000000061A6000-memory.dmp

Filesize
24KB

Download
memory/2372-16-0x00000000061A0000-0x00000000061A6000-memory.dmp

Filesize
24KB

Download
memory/2372-15-0x00000000060A0000-0x00000000060B1000-memory.dmp

Filesize
68KB

Download
memory/2372-12-0x00000000060A0000-0x00000000060B1000-memory.dmp

Filesize
68KB

Download
memory/2372-8-0x0000000000E20000-0x0000000000E60000-memory.dmp

Filesize
256KB

Download
memory/2372-7-0x0000000006030000-0x000000000606A000-memory.dmp

Filesize
232KB

Download
memory/2372-4-0x0000000006030000-0x000000000606A000-memory.dmp

Filesize
232KB

Download
memory/2372-0-0x00000000069C0000-0x0000000007349000-memory.dmp

Filesize
9.5MB

Download