2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
Size

97.8MB
MD5

06dd7aeb509dea5a0e9144fc7144eb4a
SHA1

b5eae7cb0e4c3191a86b79a140adc14552214429
SHA256

2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7
SHA512

e4f7d583a66b1e7b197f9c35ffb570a6becfbb0aa323959e8dcecc7a39d6a0fa0783868f4175b250b5d3078f82a4f373d57ab2c13b2c964c314c16e561888841
SSDEEP

786432:WWXgFdAWTpQXBVBEEIVeHDWIBV0aMoSctbw17Qm+Lf0XeuGU:WWadAPKeh0ew1pH

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3984 4840 WerFault.exe 2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

description pid process

Token: SeDebugPrivilege 4840 2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

pid	pid_target	process	target process
3984	4840	WerFault.exe	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

description	pid	process
Token: SeDebugPrivilege	4840	2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe

C:\Users\Admin\AppData\Local\Temp\2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
"C:\Users\Admin\AppData\Local\Temp\2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 1056
  2⤵
  - Program crash
  PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4840 -ip 4840
1⤵
PID:3512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4840-0-0x0000000006ED0000-0x0000000007859000-memory.dmp

Filesize
9.5MB

Download
memory/4840-3-0x0000000006ED0000-0x0000000007859000-memory.dmp

Filesize
9.5MB

Download
memory/4840-31-0x0000000000AA4000-0x0000000000AA5000-memory.dmp

Filesize
4KB

Download
memory/4840-30-0x0000000006C50000-0x0000000006C78000-memory.dmp

Filesize
160KB

Download
memory/4840-27-0x0000000006C50000-0x0000000006C78000-memory.dmp

Filesize
160KB

Download
memory/4840-26-0x0000000006C10000-0x0000000006C1C000-memory.dmp

Filesize
48KB

Download
memory/4840-23-0x0000000006C10000-0x0000000006C1C000-memory.dmp

Filesize
48KB

Download
memory/4840-22-0x0000000006BC0000-0x0000000006BD5000-memory.dmp

Filesize
84KB

Download
memory/4840-35-0x00000000078F0000-0x0000000007965000-memory.dmp

Filesize
468KB

Download
memory/4840-32-0x00000000078F0000-0x0000000007965000-memory.dmp

Filesize
468KB

Download
memory/4840-19-0x0000000006BC0000-0x0000000006BD5000-memory.dmp

Filesize
84KB

Download
memory/4840-18-0x0000000006BE0000-0x0000000006BE6000-memory.dmp

Filesize
24KB

Download
memory/4840-15-0x0000000006BE0000-0x0000000006BE6000-memory.dmp

Filesize
24KB

Download
memory/4840-14-0x0000000006AA0000-0x0000000006AB1000-memory.dmp

Filesize
68KB

Download
memory/4840-11-0x0000000006AA0000-0x0000000006AB1000-memory.dmp

Filesize
68KB

Download
memory/4840-10-0x0000000006AD0000-0x0000000006B10000-memory.dmp

Filesize
256KB

Download
memory/4840-7-0x0000000006AD0000-0x0000000006B10000-memory.dmp

Filesize
256KB

Download
memory/4840-4-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4840-39-0x0000000007880000-0x0000000007889000-memory.dmp

Filesize
36KB

Download
memory/4840-36-0x0000000007880000-0x0000000007889000-memory.dmp

Filesize
36KB

Download
memory/4840-40-0x0000000007A90000-0x0000000007B95000-memory.dmp

Filesize
1.0MB

Download
memory/4840-51-0x00000000078D0000-0x00000000078E2000-memory.dmp

Filesize
72KB

Download
memory/4840-48-0x00000000078D0000-0x00000000078E2000-memory.dmp

Filesize
72KB

Download
memory/4840-47-0x0000000007BA0000-0x0000000007C32000-memory.dmp

Filesize
584KB

Download
memory/4840-44-0x0000000007BA0000-0x0000000007C32000-memory.dmp

Filesize
584KB

Download
memory/4840-43-0x0000000007A90000-0x0000000007B95000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads