Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
29-05-2024 07:45
General
-
Target
Build.exe
-
Size
15KB
-
MD5
27275853bd5996fb2f3767772d068d56
-
SHA1
14fb4c3c74870f14af8c4cd7c8eafa81c99c70c2
-
SHA256
abe621c37b2e40f6c6b3d9da15e37d4001188e10bac99e5d66c23cee23b98d03
-
SHA512
7e05ec050eaea236c04d74042ac1b2d5634e2be0dd3b8807bada25c38f2f758de9cc25d69fcfd5086b949dc74b97ad2401bce9e6db541153cec60e33024cc887
-
SSDEEP
384:twpcZrxSdohsUVdko8bxjsCa2txgb6P/sxErmM8/ANWUh:mpSk8VOfb2M669Sct
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Build.exe"C:\Users\Admin\AppData\Local\Temp\Build.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2208 -s 17162⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2208-0-0x000007FEF5533000-0x000007FEF5534000-memory.dmpFilesize
4KB
-
memory/2208-1-0x00000000009A0000-0x00000000009AA000-memory.dmpFilesize
40KB
-
memory/2208-2-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmpFilesize
9.9MB
-
memory/2208-17-0x000007FEF5533000-0x000007FEF5534000-memory.dmpFilesize
4KB
-
memory/2208-18-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmpFilesize
9.9MB