Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
02/06/2024, 01:03
Static task
static1
Behavioral task
behavioral1
Sample
08bfd6bd13f54091822225dffe599acfe51ec86352a36c36271badcbecdef64a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
08bfd6bd13f54091822225dffe599acfe51ec86352a36c36271badcbecdef64a.exe
Resource
win10v2004-20240508-en
General
-
Target
08bfd6bd13f54091822225dffe599acfe51ec86352a36c36271badcbecdef64a.exe
-
Size
997KB
-
MD5
8befe65c2a5dabbfc601e2aa099226ff
-
SHA1
aa2d114836273af93b7790d20c0f00abe98ea0b4
-
SHA256
08bfd6bd13f54091822225dffe599acfe51ec86352a36c36271badcbecdef64a
-
SHA512
a7223ba1f6b66cfd91f2ad57dd15869e2bf8af683cbcd94840c96bd975595712a719e0b1929c478e398725895b013d558b1266e693ce6e1141423b7f014900fd
-
SSDEEP
12288:5JA8ILNTynGY1HZza7gYHqdRNy8RpZ9qNvHBmCpFNgYP8LNTynGY1HZza7gYHqdk:g82ynGrEft9gvHVxgYPqynGrEft9bk
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3316 3076 WerFault.exe 81 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3076 08bfd6bd13f54091822225dffe599acfe51ec86352a36c36271badcbecdef64a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\08bfd6bd13f54091822225dffe599acfe51ec86352a36c36271badcbecdef64a.exe"C:\Users\Admin\AppData\Local\Temp\08bfd6bd13f54091822225dffe599acfe51ec86352a36c36271badcbecdef64a.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3076 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 20162⤵
- Program crash
PID:3316
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3076 -ip 30761⤵PID:3168