Overview

overview

3

Static

static

PMT.exe

windows7_x64

1

PMT.exe

windows10_x64

3

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    11-07-2020 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PMT.exe

  • Size

    641KB

  • MD5

    7bf2c1a3e369148e2e59280a91c23abd

  • SHA1

    769b19e5208760910a25e59508f6b4258ce0f7ee

  • SHA256

    0e7d9a0423e2abe849c313d741de58cb172512f0b81ca56680a0c98bcc5a28e8

  • SHA512

    e616f4599ec00843a7a28557a7af5aea18ed0ce4eaf97596aa3a25b3380817d2c4c5a62817bfd29d16d7d19aab177bdbba71b00242eb2836100512b1082004dc

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PMT.exe
    "C:\Users\Admin\AppData\Local\Temp\PMT.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\PMT.exe
      "{path}"
      2⤵
        PID:1876
      • C:\Users\Admin\AppData\Local\Temp\PMT.exe
        "{path}"
        2⤵
          PID:1896
        • C:\Users\Admin\AppData\Local\Temp\PMT.exe
          "{path}"
          2⤵
            PID:1888
          • C:\Users\Admin\AppData\Local\Temp\PMT.exe
            "{path}"
            2⤵
              PID:1916
            • C:\Users\Admin\AppData\Local\Temp\PMT.exe
              "{path}"
              2⤵
                PID:1908

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1464-1-0x0000000000000000-0x0000000000000000-disk.dmp
              Download