Overview

overview

3

Static

static

3

NvYDemo.exe

windows11-21h2-x64

3

Resubmissions

14/06/2024, 09:23

240614-lcxzxavaja 3

14/06/2024, 09:21

240614-lbh5csyajk 3

14/06/2024, 09:20

240614-laq4ksthkf 3

14/06/2024, 09:14

240614-k7fhnstfrd 3

Analysis

  • max time kernel
    31s
  • max time network
    32s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/06/2024, 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NvYDemo.exe

  • Size

    67KB

  • MD5

    ee7ebd136ee9a840cd456207a275bb2b

  • SHA1

    0f470d7d3cdac96ca467ab8ac5345d7fb6bf0975

  • SHA256

    45a3b8ea2c9a2e9ed0c6119b282181a2eef35770043edfb15186ce3a97af635a

  • SHA512

    5c01478b6594b3cbf152f3c1f4656fbabb406f01676b9e655ba1f3dd9f028e402b1f041c64d96c8e318cd368668936aee20d87e79f17dbeb8904e953709d94fb

  • SSDEEP

    768:eXBKPUI11fJ2EjOFloKewE7nM2EhUuKzMpcJHKF9rkwNYDegh1UBr8VmJTqWGkA9:jU0AXloKcmjKYk0qeWzVmJT2k2

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NvYDemo.exe
    "C:\Users\Admin\AppData\Local\Temp\NvYDemo.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4692
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1596
      2⤵
      • Program crash
      PID:5108
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4692 -ip 4692
    1⤵
      PID:4344
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
      1⤵
        PID:4804

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4692-0-0x00000000751DE000-0x00000000751DF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4692-1-0x00000000005C0000-0x00000000005D8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/4692-2-0x00000000055B0000-0x0000000005B56000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4692-3-0x00000000050E0000-0x0000000005172000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4692-4-0x0000000005090000-0x000000000509A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4692-5-0x00000000751D0000-0x0000000075981000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4692-6-0x00000000751D0000-0x0000000075981000-memory.dmp

        Filesize

        7.7MB

        Download