Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    09/07/2020, 17:15

General

  • Target

    195a1s0ssssd7da.exe

  • Size

    717KB

  • MD5

    f5bac73547f97032c8894732a351e065

  • SHA1

    5df55474424dd0445ffb0c8f2b55e26f3d247f34

  • SHA256

    b528251075071c38ce1e0b667af69434125bd6f8afb0de6401b83b41939b2ced

  • SHA512

    b0982846d4c347d360f69906f164fd4a21163c02e7edf17a89aadfd1c401095120a002f661b408a02e9b4405d696b750a21453aaf2075c0092aabd9aeb120fbe

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\195a1s0ssssd7da.exe
    "C:\Users\Admin\AppData\Local\Temp\195a1s0ssssd7da.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:608
    • C:\Users\Admin\AppData\Local\Temp\195a1s0ssssd7da.exe
      "{path}"
      2⤵
      PID:1508
    • C:\Users\Admin\AppData\Local\Temp\195a1s0ssssd7da.exe
      "{path}"
      2⤵
      PID:1600
    • C:\Users\Admin\AppData\Local\Temp\195a1s0ssssd7da.exe
      "{path}"
      2⤵
      PID:452
    • C:\Users\Admin\AppData\Local\Temp\195a1s0ssssd7da.exe
      "{path}"
      2⤵
      PID:876
    • C:\Users\Admin\AppData\Local\Temp\195a1s0ssssd7da.exe
      "{path}"
      2⤵
      PID:340

            Network

            MITRE ATT&CK Matrix
