Overview

overview

10

Static

static

111ad96421...96.exe

windows7_x64

5

111ad96421...96.exe

windows10_x64

10

Analysis

  • max time kernel
    62s
  • max time network
    64s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    19-07-2020 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    111ad964219b61522ae20b036702d096.exe

  • Size

    957KB

  • MD5

    111ad964219b61522ae20b036702d096

  • SHA1

    184bab164050233a8d72541decbc4437f2122843

  • SHA256

    dfb1f00592d6264a6bf3ad8b02187dfad62d1526fa5b32e667cd6bf884d4db85

  • SHA512

    09ea9830cb7508594818e25cddd03aef055b0cdc517f8270197b0798648007cfe2cc2bfd763a838067436d8a229a0c7a24ef6fa016eec07464c8e4d793798b6e

Score
5/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 24 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Kills process with taskkill 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\111ad964219b61522ae20b036702d096.exe
    "C:\Users\Admin\AppData\Local\Temp\111ad964219b61522ae20b036702d096.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetThreadContext
    PID:1104
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of AdjustPrivilegeToken
      PID:1304
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C taskkill /F /PID 1304 && choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:276
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /PID 1304
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Kills process with taskkill
          PID:1088
        • C:\Windows\SysWOW64\choice.exe
          choice /C Y /N /D Y /T 3
          4⤵
            PID:1832

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1104-0-0x0000000000D40000-0x0000000000E0B000-memory.dmp

      Filesize

      812KB

      Download

    • memory/1104-1-0x0000000000F80000-0x0000000000F91000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1104-2-0x00000000029E0000-0x00000000029F1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1104-3-0x0000000005480020-0x000000000553D620-disk.dmp

      Filesize

      757KB

      Download

    • memory/1304-6-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1304-8-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/1304-9-0x0000000000400000-0x000000000042C000-memory.dmp

      Filesize

      176KB

      Download