Analysis

  • max time kernel
    131s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    19-07-2020 16:47

General

  • Target

    grabbot_0.1.4.3.vir.exe

  • Size

    484KB

  • MD5

    e71757443439452b11c05a06d684acb8

  • SHA1

    7eb0380d4d295b649e1f1c4fc82c2e4dcd4325cc

  • SHA256

    39c70b63f715a285b8c68c88546b49eb65f799ae3fc78c2c8f1272ac8d5c05ef

  • SHA512

    09679022f5de09dd30ee48784c2d6cf4cbf92271cd278155c2274ef39eda25d7001f1a5277d767d7b43cb655fa8b7cdbfcd52ffb88081a458de3de44735af1a6

Score
8/10
upx

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Program crash 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks whether UAC is enabled 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:2968
    • C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.4.3.vir.exe
      "C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.4.3.vir.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      PID:3676
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        PID:3840
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        PID:3876
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        PID:3012
      • C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.4.3.vir.exe
        "C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.4.3.vir.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        • Suspicious use of AdjustPrivilegeToken
        PID:1892
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 580
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Program crash
          PID:3252

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1892-9-0x0000000000404DB0-mapping.dmp
  • memory/1892-2-0x0000000000400000-0x0000000019270000-memory.dmp
    Filesize
    398.4MB
  • memory/1892-5-0x0000000000404DB0-mapping.dmp
  • memory/1892-6-0x0000000000400000-0x0000000019270000-memory.dmp
    Filesize
    398.4MB
  • memory/1892-10-0x0000000000404DB0-mapping.dmp
  • memory/1892-11-0x0000000000404DB0-mapping.dmp
  • memory/3012-1-0x000000000040D560-mapping.dmp
  • memory/3012-3-0x0000000000400000-0x00000000009DC000-memory.dmp
    Filesize
    5.9MB
  • memory/3012-4-0x0000000000400000-0x00000000009DC000-memory.dmp
    Filesize
    5.9MB
  • memory/3012-0-0x0000000000400000-0x00000000009DC000-memory.dmp
    Filesize
    5.9MB
  • memory/3252-7-0x0000000004550000-0x0000000004551000-memory.dmp
    Filesize
    4KB
  • memory/3252-8-0x0000000004550000-0x0000000004551000-memory.dmp
    Filesize
    4KB
  • memory/3252-12-0x0000000004C80000-0x0000000004C81000-memory.dmp
    Filesize
    4KB
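The process tree and the dump list above are the two pieces of evidence an analyst cross-references when a sample spawns a system binary after calling WriteProcessMemory and SetThreadContext. As an added example (not part of the sandbox report or of its tooling), the Python below re-reads this report's own process tree and dump file names, transcribed by hand into literals, and lists every child whose parent shows both injector APIs and from which the sandbox dumped a memory region. The tag spellings (`ChecksUAC`, `ProgramCrash`) and the pairing rule are this example's own choices, not the sandbox's scoring logic; the dump name pattern is taken from the names listed under Downloads.

```python
import re
from dataclasses import dataclass

# Constructed sample: the process tree and "Downloads" entries of this report,
# transcribed by hand into Python literals (this is not a sandbox export).
# Tuple layout: (pid, parent pid, image path, behaviour tags the report lists).
PROCESSES = [
    (2968, None, r"C:\Windows\Explorer.EXE", set()),
    (3676, 2968, r"C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.4.3.vir.exe",
     {"EnumeratesProcesses", "WriteProcessMemory", "SetThreadContext", "SetWindowsHookEx"}),
    (3840, 3676, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", set()),
    (3876, 3676, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe", set()),
    (3012, 3676, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
     {"ChecksUAC", "SetWindowsHookEx"}),
    (1892, 3676, r"C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.4.3.vir.exe",
     {"EnumeratesProcesses", "WriteProcessMemory", "AdjustPrivilegeToken"}),
    (3252, 1892, r"C:\Windows\SysWOW64\WerFault.exe",
     {"EnumeratesProcesses", "AdjustPrivilegeToken", "ProgramCrash"}),
]

DUMP_NAMES = [
    "memory/1892-9-0x0000000000404DB0-mapping.dmp",
    "memory/1892-2-0x0000000000400000-0x0000000019270000-memory.dmp",
    "memory/1892-5-0x0000000000404DB0-mapping.dmp",
    "memory/1892-6-0x0000000000400000-0x0000000019270000-memory.dmp",
    "memory/1892-10-0x0000000000404DB0-mapping.dmp",
    "memory/1892-11-0x0000000000404DB0-mapping.dmp",
    "memory/3012-1-0x000000000040D560-mapping.dmp",
    "memory/3012-3-0x0000000000400000-0x00000000009DC000-memory.dmp",
    "memory/3012-4-0x0000000000400000-0x00000000009DC000-memory.dmp",
    "memory/3012-0-0x0000000000400000-0x00000000009DC000-memory.dmp",
    "memory/3252-7-0x0000000004550000-0x0000000004551000-memory.dmp",
    "memory/3252-8-0x0000000004550000-0x0000000004551000-memory.dmp",
    "memory/3252-12-0x0000000004C80000-0x0000000004C81000-memory.dmp",
]

# Region dumps are named memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp.
# The "-mapping.dmp" entries carry a single address and are deliberately skipped.
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# A parent that both wrote into another process and replaced a thread context is
# the classic injector/hollowing pattern; the child is where the payload lands.
# This pairing rule is the example's own heuristic, not the sandbox's scoring.
INJECTOR_TAGS = {"WriteProcessMemory", "SetThreadContext"}


@dataclass(frozen=True)
class Region:
    pid: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def size_mb(self) -> float:
        # Same unit and rounding the report's Filesize column uses (MiB, one decimal).
        return round(self.size / (1024 * 1024), 1)


def parse_dumps(names):
    """Turn dump file names into Region objects, dropping duplicates and mapping entries."""
    regions = set()
    for name in names:
        m = DUMP_RE.match(name)
        if m:
            regions.add(Region(int(m["pid"]), int(m["start"], 16), int(m["end"], 16)))
    return sorted(regions, key=lambda r: (r.pid, r.start))


def find_hollowing_candidates(processes, regions):
    """Return (injector pid, child pid, child image, largest dumped region) for each
    child whose parent carries both INJECTOR_TAGS and from which the sandbox dumped
    at least one memory region. Children with no dump are not reported: the tree
    alone cannot say whether anything was written into them."""
    by_pid = {pid: (parent, image, tags) for pid, parent, image, tags in processes}
    regions_by_pid = {}
    for r in regions:
        regions_by_pid.setdefault(r.pid, []).append(r)
    hits = []
    for pid, (parent, image, _tags) in by_pid.items():
        if parent not in by_pid or not INJECTOR_TAGS <= by_pid[parent][2]:
            continue
        if pid not in regions_by_pid:
            continue
        biggest = max(regions_by_pid[pid], key=lambda r: r.size)
        hits.append((parent, pid, image, biggest))
    return hits


if __name__ == "__main__":
    for parent, pid, image, region in find_hollowing_candidates(PROCESSES, parse_dumps(DUMP_NAMES)):
        print(f"PID {parent} -> PID {pid} ({image}): dumped region "
              f"0x{region.start:X}-0x{region.end:X}, {region.size_mb} MB")
```

Run as a script, it reports two candidates, both children of PID 3676: the iexplore.exe instance 3012, whose dumped region 0x400000-0x9DC000 works out to the 5.9MB the report lists, and the second grabbot instance 1892, whose 0x400000-0x19270000 region is the 398.4MB entry. The two iexplore.exe children without any dump (3840, 3876) are left out on purpose; WerFault.exe is not flagged because its parent never called SetThreadContext. Checking the region arithmetic against the Filesize column is a cheap way to confirm you have read the dump names correctly before loading them into a disassembler.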