Overview

overview

8

Static

static

82385c5627...55.zip

windows7_x64

1

82385c5627...55.zip

windows10_x64

1

82385c5627...55.exe

windows7_x64

8

82385c5627...55.exe

windows10_x64

8

Analysis

  • max time kernel
    146s
  • max time network
    6s
  • platform
    windows7_x64
  • resource
    win7v200722
  • submitted
    08/08/2020, 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55.exe

  • Size

    916KB

  • MD5

    abec217429330d3c6cb587d614331bd8

  • SHA1

    81b190f81734d38741dcbbc8384505ede2c30ac5

  • SHA256

    82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55

  • SHA512

    0bf6a687960068e0882d1d9e53fd7b24e1629aa84dd842b3726f73a0e2b7d6015faac9d96966adf1bc8b01e9bbc06ff0fa1c9edb88250fec31d89384cfa4a4ba

Score
8/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Enumerates connected drives 3 TTPs
  • Drops desktop.ini file(s) 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55.exe
    "C:\Users\Admin\AppData\Local\Temp\82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • Suspicious use of AdjustPrivilegeToken
    • Drops desktop.ini file(s)
    PID:1508
    • C:\Users\Admin\Documents\csrsse.exe
      "C:\Users\Admin\Documents\csrsse.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:860

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads