Overview

overview

10

Static

static

gunzipped.exe

windows7_x64

10

gunzipped.exe

windows10_x64

3

Analysis

  • max time kernel
    65s
  • max time network
    97s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    30-06-2020 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gunzipped.exe

  • Size

    205KB

  • MD5

    63e6327e7fc65e4fdb8836589881d7e8

  • SHA1

    bd16c795a6e876363c90ffa7908606ed4605221b

  • SHA256

    82ad3e5d52c6b6b26f56ff7863ed572ffb09de0701635dabce5923768453438b

  • SHA512

    f241c0bd1224577faf8da1523d4b35245185695a0fa3c6462aadd38684726769ef5b61526196b7f417b1686bbbea79b3b1803f3964cd5c1af4034793127c6440

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
    "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
    1⤵
      PID:3888
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 892
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        PID:3868

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3868-0-0x00000000045E0000-0x00000000045E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3868-1-0x0000000004B20000-0x0000000004B21000-memory.dmp
      Filesize

      4KB

      Download