Overview

overview

3

Static

static

aBifs1DN0rr8X1q.exe

windows7_x64

1

aBifs1DN0rr8X1q.exe

windows10_x64

3

Analysis

  • max time kernel
    144s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    09-07-2020 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aBifs1DN0rr8X1q.exe

  • Size

    1.1MB

  • MD5

    54ed09d0d2d9e1dee1e5ce915c754b22

  • SHA1

    2595433880abac1d513ce5e5b2751d3f88673ca8

  • SHA256

    2530df4015014e80e6fe59efc45a03f4692a80027d78eec4e1390c5f5da65576

  • SHA512

    855af356529126922fa8e7ee037001eda5caa76b6eb821973d72e55696b67b7250218a1be042e4410ee35447bfd0e19c587350ce15e5320871e6e24475dbcfba

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aBifs1DN0rr8X1q.exe
    "C:\Users\Admin\AppData\Local\Temp\aBifs1DN0rr8X1q.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LBBVETud" /XML "C:\Users\Admin\AppData\Local\Temp\tmpD24B.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:1800
    • C:\Users\Admin\AppData\Local\Temp\aBifs1DN0rr8X1q.exe
      "{path}"
      2⤵
        PID:1812
      • C:\Users\Admin\AppData\Local\Temp\aBifs1DN0rr8X1q.exe
        "{path}"
        2⤵
          PID:1756
        • C:\Users\Admin\AppData\Local\Temp\aBifs1DN0rr8X1q.exe
          "{path}"
          2⤵
            PID:524
          • C:\Users\Admin\AppData\Local\Temp\aBifs1DN0rr8X1q.exe
            "{path}"
            2⤵
              PID:320
            • C:\Users\Admin\AppData\Local\Temp\aBifs1DN0rr8X1q.exe
              "{path}"
              2⤵
                PID:768

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Scheduled Task

            1
            T1053

            Persistence

            Scheduled Task

            1
            T1053

            Privilege Escalation

            Scheduled Task

            1
            T1053

            Defense Evasion

            Credential Access

            Discovery

            Lateral Movement

            Collection

            Exfiltration

            Command and Control

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\tmpD24B.tmp
              Download Submit
            • memory/904-1-0x0000000000000000-0x0000000000000000-disk.dmp
              Download
            • memory/1800-2-0x0000000000000000-mapping.dmp
              Download