Analysis
-
max time kernel
136s -
max time network
147s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
16/07/2020, 05:03
General
-
Target
desserpcx.exe
-
Size
2.0MB
-
MD5
728df519e8cfe0d692a8f85ac238436f
-
SHA1
55cd413c2bdfe8803b3a4a6abca2f3b8e0b606f0
-
SHA256
966aa9010dcd3fdd35f00b995066013f1a686c4b8364cd5037b5eaed6f1140df
-
SHA512
dd2a7842a7489256d939e7f7ba67d14dd3f02d53fe19c515550905f26c4899881333d793dec7160275217564f637823ae456399beb4763b357822c3c6d6a77eb
Score
6/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 10 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
JavaScript code in executable 1 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\desserpcx.exe"C:\Users\Admin\AppData\Local\Temp\desserpcx.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
- Adds Run key to start application
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"C:\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\InstallUtil.exe"2⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Drops desktop.ini file(s)
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\trziem3q.cmdline"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7585.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7584.tmp"4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB