Analysis
-
max time kernel
68s -
max time network
121s -
platform
windows10_x64 -
resource
win10 -
submitted
19-07-2020 17:32
General
-
Target
uncategorized_1.2.0.0.vir.exe
-
Size
368KB
-
MD5
182bbd5dccd1470d10e6b062d39c95d7
-
SHA1
fc0f485b4e178293c3b3eb26c87a38172cf6ccbb
-
SHA256
85e0ff2f0c03b8d8ce1d32b446dcef0e32b79fa581a9c27dcf4d0bb92c6b167f
-
SHA512
edf99f5982240fc22d40c3bceef2f2146122bfa46806c0de320eebe8ef7631d71e4a85fdfe054dca835982adb852cfe138ff798af1341cc9dd891f8b79edfd36
Score
8/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: MapViewOfSection 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\uncategorized_1.2.0.0.vir.exe"C:\Users\Admin\AppData\Local\Temp\uncategorized_1.2.0.0.vir.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Ofby\eruki.exe"C:\Users\Admin\AppData\Roaming\Ofby\eruki.exe" -r2⤵
- Suspicious use of WriteProcessMemory
- Executes dropped EXE
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\UNCATE~1.EXE >> NUL if exist C:\Users\Admin\AppData\Local\Temp\UNCATE~1.EXE goto repeat2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Ofby\eruki.exe
-
C:\Users\Admin\AppData\Roaming\Ofby\eruki.exe
-
memory/1812-8-0x0000000000000000-mapping.dmp
-
memory/3892-5-0x0000000000000000-mapping.dmp
-
memory/3892-6-0x0000000000E50000-0x000000000128F000-memory.dmpFilesize
4.2MB
-
memory/3892-7-0x0000000000E50000-0x000000000128F000-memory.dmpFilesize
4.2MB
-
memory/3936-1-0x0000000000000000-mapping.dmp