Resubmissions

21-11-2024 21:22

241121-z7zc4ssmgp 10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 21:22

General

  • Target

    system.exe

  • Size

    122KB

  • MD5

    8ccbd97201fb104da148476fb7740d38

  • SHA1

    33b60652da7403daeb3e18c8f5db8d9c4e595e43

  • SHA256

    f5939fc9c044ea28527a3f66ce394153b43473d28e1209c49dd19d5916e1368d

  • SHA512

    b03e1849a858cd02a9f025c1897638ac2c038f4218c179bbb9a8cfd5d0db41d00fa620d861977802f8bf3250f5c9d09986e95da61fa4019912b60747473c1ad8

  • SSDEEP

    3072:EG3oAZoUcggU5DZv2eZU72VM5B5rhYb9wEKT3ut:E0oIoUcgpO2VwHREK

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\system.exe
    "C:\Users\Admin\AppData\Local\Temp\system.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2972 -s 764
      2⤵
        PID:2612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2972-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

      Filesize

      4KB

    • memory/2972-1-0x00000000003A0000-0x00000000003C4000-memory.dmp

      Filesize

      144KB

    • memory/2972-2-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

      Filesize

      9.9MB

    • memory/2972-3-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

      Filesize

      9.9MB