4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe
Size

1.3MB
MD5

a3dfc070755d94030ad0e7627a0c8440
SHA1

f770be3504c1846226302c1b61ac55a379fb913c
SHA256

4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854
SHA512

6426241b13edfa3ea3d0538a52581f31f7b5fb5e1a7389fe2a2c4b05349bd572b8362ca55d969067ab2ad6d6f8fdfc6aca63a371ad2e0e5820425f2c730e1ca3
SSDEEP

24576:pJutuFWvPDnW22ibKGed8oZ2abjmiJlUafCz2BSTZQMS0fUwSB2dyKcjNyqkPL:S0m2yKGUZ/bqgiax2eESB2dOkP

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VersionString.vbs	4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
392	4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	392	4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe
Token: SeDebugPrivilege	392	4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 4896	392	4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe	29
PID 392 wrote to memory of 4896	392	4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe	29
PID 392 wrote to memory of 4896	392	4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe	29

C:\Users\Admin\AppData\Local\Temp\4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe
"C:\Users\Admin\AppData\Local\Temp\4112fd7d49336a390f856b252e13d9b198b54307e5499a00df45ac66c8211854N.exe"
1⤵
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 392 -s 680
  2⤵
  PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/392-0-0x000007FEF5E03000-0x000007FEF5E04000-memory.dmp

Filesize
4KB

Download
memory/392-1-0x0000000001160000-0x00000000012AC000-memory.dmp

Filesize
1.3MB

Download
memory/392-2-0x000000001C2C0000-0x000000001C3E0000-memory.dmp

Filesize
1.1MB

Download
memory/392-3-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-30-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-36-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-34-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-32-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-28-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-26-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-24-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-22-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-20-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-18-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-16-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-14-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-12-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-10-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-8-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-6-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-4-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-38-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-58-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-66-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-64-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-62-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-60-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-56-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-54-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-53-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-50-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-48-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-46-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-44-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-42-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-40-0x000000001C2C0000-0x000000001C3DA000-memory.dmp

Filesize
1.1MB

Download
memory/392-1153-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download
memory/392-1155-0x0000000002830000-0x000000000287C000-memory.dmp

Filesize
304KB

Download
memory/392-1154-0x000000001C6C0000-0x000000001C750000-memory.dmp

Filesize
576KB

Download
memory/392-1156-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download
memory/392-1157-0x000000001B380000-0x000000001B3D4000-memory.dmp

Filesize
336KB

Download
memory/392-1160-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download
memory/392-1161-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download
memory/392-1162-0x000007FEF5E03000-0x000007FEF5E04000-memory.dmp

Filesize
4KB

Download
memory/392-1163-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download