Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
02/06/2024, 01:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
5b9e2e722be0fb53da7bf5cde3dd9489.exe
Resource
win7-20240419-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
5b9e2e722be0fb53da7bf5cde3dd9489.exe
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
-
Target
5b9e2e722be0fb53da7bf5cde3dd9489.exe
-
Size
304KB
-
MD5
5b9e2e722be0fb53da7bf5cde3dd9489
-
SHA1
4af8e27cb336e01ab595ffa7812e89507082bebe
-
SHA256
290e577270a33ca29e5687461a59e63887e39d8293a89f63b0cea095f1499954
-
SHA512
02702499a361d042415810120771a546f205c9305938733ffe1a98b0f898489e0b6dea059099165c5bd07a6098131e4933674679719ecefad2a9663e0774d37f
-
SSDEEP
6144:x3bUxWU5Q7dzRumyGzsaxHUhqLLf69tYF6m5KajeysQExQElNHworW:UO7dzRumtzIiSCpkQERlVww
Score
6/10
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 4 raw.githubusercontent.com 5 raw.githubusercontent.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2148 5b9e2e722be0fb53da7bf5cde3dd9489.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2148 wrote to memory of 2692 2148 5b9e2e722be0fb53da7bf5cde3dd9489.exe 29 PID 2148 wrote to memory of 2692 2148 5b9e2e722be0fb53da7bf5cde3dd9489.exe 29 PID 2148 wrote to memory of 2692 2148 5b9e2e722be0fb53da7bf5cde3dd9489.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b9e2e722be0fb53da7bf5cde3dd9489.exe"C:\Users\Admin\AppData\Local\Temp\5b9e2e722be0fb53da7bf5cde3dd9489.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2148 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2148 -s 10922⤵PID:2692
-