b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a

Analysis

max time kernel
71s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/09/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe
Size

549KB
MD5

b5a3a038692a38e4efcd86e079557589
SHA1

18c533cbf19bfbef0959bf2c1a8d2251ab4e64a8
SHA256

b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a
SHA512

5327b668e44bea2bd5331f50b1dbc99f3c3110fa26fb48791795ef8f3cb461d650dfbeb0d5ff9049fc1579bc232ad9adffb1ee9b761e39e85b68afcba0acfcca
SSDEEP

3072:JNWTb+AdIg8j+kCpeD0D7L5HA1onW8D1mw5FPw:qTb+Ado4LTUAW8pmcFP

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe
2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe
2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe
2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe
Token: SeDebugPrivilege	2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2444	2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe	30
PID 2000 wrote to memory of 2444	2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe	30
PID 2000 wrote to memory of 2444	2000	b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe	30

C:\Users\Admin\AppData\Local\Temp\b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe
"C:\Users\Admin\AppData\Local\Temp\b03066c712ac4c570433b996907d239a417eb0ae517307faa1122dbb560da08a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2000 -s 1608
  2⤵
  PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-0-0x000007FEF5F53000-0x000007FEF5F54000-memory.dmp

Filesize
4KB

Download
memory/2000-1-0x0000000000230000-0x00000000002BE000-memory.dmp

Filesize
568KB

Download
memory/2000-2-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

Filesize
9.9MB

Download
memory/2000-3-0x000000001BD90000-0x000000001BE90000-memory.dmp

Filesize
1024KB

Download
memory/2000-9-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-4-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-5-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-23-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-37-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-27-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-29-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-31-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-39-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-43-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-49-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-53-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-61-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-67-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-65-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-59-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-57-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-55-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-51-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-47-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-45-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-41-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-35-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-33-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-25-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-21-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-19-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-17-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-15-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-13-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-11-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-7-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-63-0x000000001BD90000-0x000000001BE8A000-memory.dmp

Filesize
1000KB

Download
memory/2000-1079-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

Filesize
9.9MB

Download
memory/2000-1078-0x000007FEF5F53000-0x000007FEF5F54000-memory.dmp

Filesize
4KB

Download
memory/2000-1080-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

Filesize
9.9MB

Download
memory/2000-1081-0x000000001C6D0000-0x000000001C74C000-memory.dmp

Filesize
496KB

Download
memory/2000-1082-0x00000000022B0000-0x00000000022FC000-memory.dmp

Filesize
304KB

Download
memory/2000-1083-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

Filesize
9.9MB

Download
memory/2000-1085-0x000000001AC10000-0x000000001AC64000-memory.dmp

Filesize
336KB

Download
memory/2000-1086-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

Filesize
9.9MB

Download
memory/2000-1087-0x000007FEF5F50000-0x000007FEF693C000-memory.dmp

Filesize
9.9MB

Download