8433fe414ef00a0c1eabb4c12a9274f736715ecb0f73bcc28d7ead059f5f0bc4 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/11/2024, 22:13

Sharing

Report Analysis Logs

General

Target

KiffApp2.exe
Size

83KB
MD5

1c844fbbddd5c48cd6ecbd41e6b3fba2
SHA1

6cf1bf7f35426ef8429689a2914287818b3789f6
SHA256

8f474d9f74192818abf096b2449564ff47f1ab86a14111179bbec73e2ffb6865
SHA512

b4d12bd02029aab1eb9d609875df98b96391db86f3c0f0f4e82d6814949794668fd3aaba15439383e9a7bacaa3616454f2913222d018e195483507a7d675424a
SSDEEP

1536:3clLTEsDOLIomkSv6I4eg+8O10vxkeMkgm:3clLTEsUmk0rgJO1SxHL

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3068	KiffApp2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2640	3068	KiffApp2.exe	31
PID 3068 wrote to memory of 2640	3068	KiffApp2.exe	31
PID 3068 wrote to memory of 2640	3068	KiffApp2.exe	31

C:\Users\Admin\AppData\Local\Temp\KiffApp2.exe
"C:\Users\Admin\AppData\Local\Temp\KiffApp2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3068 -s 1196
  2⤵
  PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3068-0-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp

Filesize
4KB

Download
memory/3068-1-0x0000000000820000-0x000000000083A000-memory.dmp

Filesize
104KB

Download
memory/3068-2-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

Filesize
9.9MB

Download
memory/3068-3-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

Filesize
9.9MB

Download