Overview

overview

10

Static

static

scan copy.exe

windows7_x64

10

scan copy.exe

windows10_x64

3

Analysis

  • max time kernel
    64s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    31-07-2020 10:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    scan copy.exe

  • Size

    479KB

  • MD5

    439bff3720a10a5edec44dadfd4e53d7

  • SHA1

    6d1b8ec46da61b2d690f15169e85deec829d45c3

  • SHA256

    e71c74d33683e14022e6d0f0e7a14efcf744c7d4aec03216934dbf17eba9eacb

  • SHA512

    034b8e8f0c0b7ce7e7efdc05e897fe42aef3105ed05e430c8a6a9ea5f92eacc26211ce882ac158966f0d06f052f61f2ff25c4edd5a61fdedcc17bdc00c3ea2f4

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\scan copy.exe
    "C:\Users\Admin\AppData\Local\Temp\scan copy.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:60
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 1196
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4012-0-0x0000000004DA0000-0x0000000004DA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4012-1-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download