eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe
Size

368KB
MD5

cfbfabd8e0b67d01a19458be6b945517
SHA1

fa3d597f04aa2dd1e7f97c9b8f9c69a5411c6361
SHA256

eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f
SHA512

1927b7b6f8cc1bbe2dd786986c806e7b44574f859968bf0fd4046daf8ad4a4e1ce02ca5d511c2b48e3c5b3e838eeb4b0e5bd2ad9a27313eaae6d6011a675bb9a
SSDEEP

384:ESKu2cP3nyEVPTHWKtL2H0VuM35zlQEew+yTzSf4JM54iICSCr4H444uiiiL1CjW:N3vnyAWkaHRQMwdz+4H4447iiL1o

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe

pid	Process
2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe
2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe
2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe
2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe

description	pid	Process
Token: SeDebugPrivilege	2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe
Token: SeDebugPrivilege	2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe

description	pid	Process	procid_target
PID 2488 wrote to memory of 652	2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe	32
PID 2488 wrote to memory of 652	2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe	32
PID 2488 wrote to memory of 652	2488	eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe	32

C:\Users\Admin\AppData\Local\Temp\eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe
"C:\Users\Admin\AppData\Local\Temp\eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2488 -s 868
  2⤵
  PID:652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2488-0-0x000007FEF5873000-0x000007FEF5874000-memory.dmp

Filesize
4KB

Download
memory/2488-1-0x0000000000380000-0x00000000003E0000-memory.dmp

Filesize
384KB

Download
memory/2488-2-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2488-3-0x000000001BF40000-0x000000001C05E000-memory.dmp

Filesize
1.1MB

Download
memory/2488-4-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-15-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-35-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-33-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-31-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-29-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-27-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-25-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-23-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-21-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-19-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-17-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-13-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-11-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-9-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-7-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-5-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-47-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-45-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-43-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-41-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-39-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-37-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-49-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-51-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-53-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-55-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-57-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-67-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-65-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-63-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-61-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-59-0x000000001BF40000-0x000000001C057000-memory.dmp

Filesize
1.1MB

Download
memory/2488-1078-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2488-1079-0x000000001AD60000-0x000000001ADF8000-memory.dmp

Filesize
608KB

Download
memory/2488-1080-0x000000001B590000-0x000000001B5DC000-memory.dmp

Filesize
304KB

Download
memory/2488-1081-0x000007FEF5873000-0x000007FEF5874000-memory.dmp

Filesize
4KB

Download
memory/2488-1082-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2488-1084-0x000000001BCD0000-0x000000001BD24000-memory.dmp

Filesize
336KB

Download
memory/2488-1085-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2488-1086-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download