Overview

overview

10

Static

static

Over.exe

windows7_x64

10

Over.exe

windows10_x64

3

Analysis

  • max time kernel
    75s
  • max time network
    136s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    10/07/2020, 16:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Over.exe

  • Size

    569KB

  • MD5

    13ab67e8f8926a8a3b22e6d94227523a

  • SHA1

    0d31a3d936773eff254b2068d0cfab9c0e1b5619

  • SHA256

    8e7298a389df54f92bf0c976fc29c451b43e1862cc4794c1f2e95e1d7cdb92a2

  • SHA512

    c9e4654ecd67733727aa3d529961ca0d8e548f17f662d6d71289bcf53611d2300a71fe8ccbb9b2aa4a2e9ee384150726608ae74adc339cf7f500d4e5341bb961

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Over.exe
    "C:\Users\Admin\AppData\Local\Temp\Over.exe"
    1⤵
      PID:3676
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 912
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3856

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3856-0-0x00000000043D0000-0x00000000043D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3856-1-0x00000000043D0000-0x00000000043D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3856-3-0x0000000004A80000-0x0000000004A81000-memory.dmp

            Filesize

            4KB

            Download