Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
02-05-2024 01:55
Behavioral task
behavioral1
Sample
8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe
Resource
win7-20240419-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe
-
Size
100.0MB
-
MD5
b22dd293d7bfb46d9de4ba7b50720999
-
SHA1
25ce64e4265a3884af07dcde982fa14cb9a47271
-
SHA256
8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800
-
SHA512
1a8ab0b00774b72d52a777ccde154af49b769439a3c297b1fbcd97871100cbfcb0df16a7dc50f16c44eb90032433a2548516a8e01b37d8d9ce75271e87f4a04d
-
SSDEEP
786432:+WXgFpbWTpQXBVBEEIVeHDWIBV0aMoSctbw17p0Wm+Lf0XeHGO:+WapbPKeh0ew1yL+
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2544 1760 WerFault.exe 27 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1760 8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1760 wrote to memory of 2544 1760 8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe 29 PID 1760 wrote to memory of 2544 1760 8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe 29 PID 1760 wrote to memory of 2544 1760 8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe 29 PID 1760 wrote to memory of 2544 1760 8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe"C:\Users\Admin\AppData\Local\Temp\8c7a005c16e42f12e8d2e7262f92a9846ecfd0fd23ce52524fc6064ebfdf7800.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1760 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 7802⤵
- Program crash
PID:2544
-