Overview

overview

3

Static

static

79e7a69b5d...b2.exe

windows7_x64

3

79e7a69b5d...b2.exe

windows10_x64

3

Analysis

  • max time kernel
    55s
  • max time network
    67s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    09/07/2020, 13:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79e7a69b5d57d4ae5312dae8ffb6615d41fec9d38fa7cbf0bb37082881cc4fb2.exe

  • Size

    8KB

  • MD5

    e32fa93f556ed67aa7d25ab2eed1c02c

  • SHA1

    cdd24ebe72e5041c43bfa21835e674e747678ec8

  • SHA256

    79e7a69b5d57d4ae5312dae8ffb6615d41fec9d38fa7cbf0bb37082881cc4fb2

  • SHA512

    2c4bb7da6fb869971e0d07025d6dcddbc034dd9a31463f23a6ff8a0775e8e8683e7125f9be8019846fe58a44a5b1b1fe0b6aead9ed4ba98752325181f3127338

Score
3/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79e7a69b5d57d4ae5312dae8ffb6615d41fec9d38fa7cbf0bb37082881cc4fb2.exe
    "C:\Users\Admin\AppData\Local\Temp\79e7a69b5d57d4ae5312dae8ffb6615d41fec9d38fa7cbf0bb37082881cc4fb2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:112
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 624
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      • Program crash
      PID:280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/280-1-0x00000000022F0000-0x0000000002301000-memory.dmp

    Filesize

    68KB

    Download

  • memory/280-2-0x00000000025C0000-0x00000000025D1000-memory.dmp

    Filesize

    68KB

    Download