Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/11/2024, 12:15

General

  • Target

    e8dcd706f41cb2bffff4621bb30a5febce1cdc6ad3825a62f535b9af1cf50d56.exe

  • Size

    23KB

  • MD5

    c559a80f9539d5332f3e18b150dd7c45

  • SHA1

    562d09c66ea80739863fa8c4b502dfc5cc6f6477

  • SHA256

    e8dcd706f41cb2bffff4621bb30a5febce1cdc6ad3825a62f535b9af1cf50d56

  • SHA512

    4d1c912c131b8fef72ee028e1852d73c0328e83722d91c59a87f8eb1ca7df6f88073bc8fc7869bede7f61c9cb49c820b16656a5910de395bf00db70da0675e48

  • SSDEEP

    384:OqQMfvL42Fm19I62UelUEhXNOvmVTyapFsPDhxWBtIBDMKPMJW4EU:OqQCLZfXlUE2mVNIfDB6c

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of SetThreadContext (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (20 IoCs)
  • Suspicious use of WriteProcessMemory (47 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8dcd706f41cb2bffff4621bb30a5febce1cdc6ad3825a62f535b9af1cf50d56.exe
    "C:\Users\Admin\AppData\Local\Temp\e8dcd706f41cb2bffff4621bb30a5febce1cdc6ad3825a62f535b9af1cf50d56.exe"
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\system32\svchost.exe
      "C:\Windows\system32\svchost.exe"
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2488 -s 20
        PID:2132
    • C:\Windows\system32\msiexec.exe
      "C:\Windows\system32\msiexec.exe"
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2160 -s 184
        PID:2756
    • C:\Windows\system32\audiodg.exe
      "C:\Windows\system32\audiodg.exe"
      • Suspicious use of WriteProcessMemory
      PID:2308
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2308 -s 20
        PID:588

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2160-40-0x00000000FF890000-0x00000000FF89B000-memory.dmp (Filesize: 44KB)
  • memory/2160-45-0x00000000FF890000-0x00000000FF89B000-memory.dmp (Filesize: 44KB)
  • memory/2160-32-0x000007FFFFFDE000-0x000007FFFFFDF000-memory.dmp (Filesize: 4KB)
  • memory/2160-34-0x00000000FF890000-0x00000000FF89B000-memory.dmp (Filesize: 44KB)
  • memory/2308-61-0x00000000FF3B0000-0x00000000FF3BB000-memory.dmp (Filesize: 44KB)
  • memory/2308-54-0x000007FFFFFD7000-0x000007FFFFFD8000-memory.dmp (Filesize: 4KB)
  • memory/2308-55-0x00000000FF3B0000-0x00000000FF3BB000-memory.dmp (Filesize: 44KB)
  • memory/2488-10-0x000007FFFFFDF000-0x000007FFFFFE0000-memory.dmp (Filesize: 4KB)
  • memory/2488-23-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-18-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-12-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-5-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-9-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-8-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-7-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-6-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-4-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-3-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)
  • memory/2488-2-0x00000000FF140000-0x00000000FF14B000-memory.dmp (Filesize: 44KB)