Analysis
-
max time kernel
141s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
02-05-2024 01:49
Behavioral task
behavioral1
Sample
2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
-
Size
97.8MB
-
MD5
06dd7aeb509dea5a0e9144fc7144eb4a
-
SHA1
b5eae7cb0e4c3191a86b79a140adc14552214429
-
SHA256
2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7
-
SHA512
e4f7d583a66b1e7b197f9c35ffb570a6becfbb0aa323959e8dcecc7a39d6a0fa0783868f4175b250b5d3078f82a4f373d57ab2c13b2c964c314c16e561888841
-
SSDEEP
786432:WWXgFdAWTpQXBVBEEIVeHDWIBV0aMoSctbw17Qm+Lf0XeuGU:WWadAPKeh0ew1pH
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3984 4840 WerFault.exe 87 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4840 2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe"C:\Users\Admin\AppData\Local\Temp\2144b0b74e847cbdd01cfa2df27477c00722a904cd1a967947169dba32d63ef7.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4840 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 10562⤵
- Program crash
PID:3984
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4840 -ip 48401⤵PID:3512