3b51eca2abc31bca09e7e00c7361a152ae965186c20f72f77829859b1ac59ebf | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 12:04

Sharing

Report Analysis Logs

General

Target

TcMWzXaBza.exe
Size

2.3MB
MD5

613f5f8693709aa2412fb529818f2364
SHA1

f7f0c98bc493fad272a94396df2d67ed98fbf0e9
SHA256

3b51eca2abc31bca09e7e00c7361a152ae965186c20f72f77829859b1ac59ebf
SHA512

b1ca9ee63d7bf39a0cc724a98d697ff026fdb97a322cefdd50bbf6fac4f3f277ee3f6af46c968805b62aeb11db37341e7560c241c4ccfcb3c5a251df35943ad7
SSDEEP

49152:LosQHMmpQAaR824OnqDPqFmhlyjsrrJLp2lUEFP4+Po6kk:/4O2P5JLQlVt4ib

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1196	TcMWzXaBza.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1048	1196	TcMWzXaBza.exe	29
PID 1196 wrote to memory of 1048	1196	TcMWzXaBza.exe	29
PID 1196 wrote to memory of 1048	1196	TcMWzXaBza.exe	29

C:\Users\Admin\AppData\Local\Temp\TcMWzXaBza.exe
"C:\Users\Admin\AppData\Local\Temp\TcMWzXaBza.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1196 -s 364
  2⤵
  PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-0-0x000000013FB70000-0x000000013FDC9000-memory.dmp

Filesize
2.3MB

Download
memory/1196-1-0x000000013FB70000-0x000000013FDC9000-memory.dmp

Filesize
2.3MB

Download