Overview

overview

10

Static

static

malware.exe

windows7_x64

10

malware.exe

windows10_x64

7

Resubmissions

01-05-2020 12:06

200501-p6rz3bm7hs 10

02-03-2020 12:22

200302-886h98214s 10

Analysis

  • max time kernel
    122s
  • max time network
    107s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    02-03-2020 12:22

Sharing

Copy URL
Twitter E-mail

General

  • Target

    malware.exe

  • Size

    743KB

  • MD5

    d0b3518e06e76afbf847b77eb0394aee

  • SHA1

    56d0931f5ca3dfb0f3848a512297adbf7d758a87

  • SHA256

    a95ad9e61847bec0e9faac52ac95e069cf6cf9583733cc10cf547060e096eb24

  • SHA512

    0654014c576f29947c6773be6b0c359a1487d6ad7a9eab0cea3cc9df49d1fda1715d143d937347839aec815220783206af175ee1385c9838046798241f1c8bfd

Score
7/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware.exe
    "C:\Users\Admin\AppData\Local\Temp\malware.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3932
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 1264
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      PID:3504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3504-0-0x0000000004500000-0x0000000004501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3504-1-0x0000000004500000-0x0000000004501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3504-3-0x0000000004900000-0x0000000004901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3504-4-0x0000000004EF0000-0x0000000004EF1000-memory.dmp

    Filesize

    4KB

    Download