5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe
Size

1.6MB
MD5

dce4e27a9b406b7ab027bf9120cbd586
SHA1

ae49c0d0e091519fe7dbb48c7300a823aa8bcf2d
SHA256

5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e
SHA512

4686553a9d596658db4feb55f55fb86315aa7eec4de2bb4dfdfd733268c9b03b311b0807e4c807866167c0a34a2dc26b090536bbdf920074c3fe32a1d52aa5aa
SSDEEP

24576:9sRgQPPLVkiouiRjaMkVRu9JS70cJscGh6U8mEGKacNpVAADNi5GeZTOjoR:9sV3LGjpkVIJunw98mTKfVAyNioSTOm

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

Processes:

5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FailedAssemblyInfo.vbs	5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

pid process

2508 5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

pid	process
2508	5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

description	pid	process
Token: SeDebugPrivilege	2508	5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe
Token: SeDebugPrivilege	2508	5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe

description	pid	process	target process
PID 2508 wrote to memory of 4784	2508	5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe	WerFault.exe
PID 2508 wrote to memory of 4784	2508	5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe	WerFault.exe
PID 2508 wrote to memory of 4784	2508	5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe
"C:\Users\Admin\AppData\Local\Temp\5b219722844718194c11874136d8b7b85ea25cda551d7002850cb930b9fc0b3e.exe"
1⤵
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2508 -s 700
  2⤵
  PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2508-0-0x000007FEF5573000-0x000007FEF5574000-memory.dmp

Filesize
4KB

Download
memory/2508-1-0x0000000000EA0000-0x000000000103E000-memory.dmp

Filesize
1.6MB

Download
memory/2508-2-0x00000000026B0000-0x0000000002850000-memory.dmp

Filesize
1.6MB

Download
memory/2508-3-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-8-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-26-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-4-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-6-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-30-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-28-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-24-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-22-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-32-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-20-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-18-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-16-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-14-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-12-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-10-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-40-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-48-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-60-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-66-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-64-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-62-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-58-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-56-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-54-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-52-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-50-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-46-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-44-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-42-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-38-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-36-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-34-0x00000000026B0000-0x0000000002849000-memory.dmp

Filesize
1.6MB

Download
memory/2508-1153-0x000000001C1C0000-0x000000001C2CE000-memory.dmp

Filesize
1.1MB

Download
memory/2508-1155-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2508-1154-0x00000000007C0000-0x000000000080C000-memory.dmp

Filesize
304KB

Download
memory/2508-1156-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2508-1157-0x0000000002540000-0x0000000002594000-memory.dmp

Filesize
336KB

Download
memory/2508-1160-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2508-1161-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2508-1162-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download