Overview

overview

10

Static

static

10

foo/0044d6...f7.exe

windows7_x64

1

foo/0044d6...f7.exe

windows10_x64

1

foo/034e4c...a9.exe

windows7_x64

4

foo/034e4c...a9.exe

windows10_x64

4

foo/035fa2...72.exe

windows7_x64

10

foo/035fa2...72.exe

windows10_x64

10

foo/04884a...1b.exe

windows7_x64

8

foo/04884a...1b.exe

windows10_x64

8

foo/06ed82...59.exe

windows7_x64

7

foo/06ed82...59.exe

windows10_x64

7

foo/07470b...68.exe

windows7_x64

8

foo/07470b...68.exe

windows10_x64

8

foo/078adb...c0.exe

windows7_x64

10

foo/078adb...c0.exe

windows10_x64

10

foo/09e5c8...b4.exe

windows7_x64

1

foo/09e5c8...b4.exe

windows10_x64

1

foo/0becfe...f4.exe

windows7_x64

10

foo/0becfe...f4.exe

windows10_x64

10

foo/1a78d3...a3.exe

windows7_x64

5

foo/1a78d3...a3.exe

windows10_x64

5

foo/1ffe82...a6.exe

windows7_x64

10

foo/1ffe82...a6.exe

windows10_x64

10

foo/255028...e1.dll

windows7_x64

1

foo/255028...e1.dll

windows10_x64

1

foo/27601d...cc.exe

windows7_x64

8

foo/27601d...cc.exe

windows10_x64

8

foo/27f911...49.exe

windows7_x64

10

foo/27f911...49.exe

windows10_x64

10

foo/28408c...c5.exe

windows7_x64

10

foo/28408c...c5.exe

windows10_x64

10

foo/296822...e4.dll

windows7_x64

3

foo/296822...e4.dll

windows10_x64

3

foo/2de7b8...a4.exe

windows7_x64

10

foo/2de7b8...a4.exe

windows10_x64

10

foo/2e00df...8b.exe

windows7_x64

9

foo/2e00df...8b.exe

windows10_x64

9

foo/2e90a1...22.exe

windows7_x64

6

foo/2e90a1...22.exe

windows10_x64

6

foo/2f215e...b0.dll

windows7_x64

10

foo/2f215e...b0.dll

windows10_x64

10

foo/30bc06...3e.exe

windows7_x64

10

foo/30bc06...3e.exe

windows10_x64

10

foo/312e67...f3.exe

windows7_x64

4

foo/312e67...f3.exe

windows10_x64

4

foo/383497...1b.exe

windows7_x64

10

foo/383497...1b.exe

windows10_x64

10

foo/39555e...ec.exe

windows7_x64

10

foo/39555e...ec.exe

windows10_x64

10

foo/39e531...04.exe

windows7_x64

10

foo/39e531...04.exe

windows10_x64

10

foo/3aba72...cd.exe

windows7_x64

1

foo/3aba72...cd.exe

windows10_x64

1

foo/406c9b...fe.exe

windows7_x64

10

foo/406c9b...fe.exe

windows10_x64

10

foo/457cfd...ca.exe

windows7_x64

7

foo/457cfd...ca.exe

windows10_x64

7

foo/4761e4...60.exe

windows7_x64

8

foo/4761e4...60.exe

windows10_x64

8

foo/487f1b...04.exe

windows7_x64

8

foo/487f1b...04.exe

windows10_x64

7

foo/4a74c9...cf.exe

windows7_x64

10

foo/4a74c9...cf.exe

windows10_x64

10

foo/4b2d78...4b.exe

windows7_x64

8

foo/4b2d78...4b.exe

windows10_x64

8

foo/4c49c2...ba.exe

windows7_x64

1

foo/4c49c2...ba.exe

windows10_x64

1

foo/4cfe8f...77.exe

windows7_x64

9

foo/4cfe8f...77.exe

windows10_x64

9

foo/4ea454...13.exe

windows7_x64

8

foo/4ea454...13.exe

windows10_x64

8

foo/52d6c5...7e.exe

windows7_x64

7

foo/52d6c5...7e.exe

windows10_x64

7

foo/55fc11...e0.exe

windows7_x64

foo/55fc11...e0.exe

windows10_x64

10

foo/59f0fb...06.exe

windows7_x64

1

foo/59f0fb...06.exe

windows10_x64

1

foo/5b1c0d...cb.exe

windows7_x64

1

foo/5b1c0d...cb.exe

windows10_x64

1

foo/5bc72a...ea.exe

windows7_x64

8

foo/5bc72a...ea.exe

windows10_x64

8

foo/5d3305...2a.exe

windows7_x64

7

foo/5d3305...2a.exe

windows10_x64

7

foo/5d9775...39.exe

windows7_x64

8

foo/5d9775...39.exe

windows10_x64

8

foo/60121e...3e.exe

windows7_x64

9

foo/60121e...3e.exe

windows10_x64

9

foo/62565a...fd.exe

windows7_x64

10

foo/62565a...fd.exe

windows10_x64

10

foo/62a3fd...64.exe

windows7_x64

8

foo/62a3fd...64.exe

windows10_x64

10

foo/63e9ce...d0.exe

windows7_x64

8

foo/63e9ce...d0.exe

windows10_x64

8

foo/6497ba...c5.exe

windows7_x64

10

foo/6497ba...c5.exe

windows10_x64

10

foo/698cc8...31.exe

windows7_x64

7

foo/698cc8...31.exe

windows10_x64

7

foo/6f2c5c...d5.exe

windows7_x64

7

foo/6f2c5c...d5.exe

windows10_x64

7

foo/798f5e...ba.exe

windows7_x64

10

foo/798f5e...ba.exe

windows10_x64

10

foo/7aec86...51.exe

windows7_x64

1

foo/7aec86...51.exe

windows10_x64

1

foo/84bf6e...64.exe

windows7_x64

8

foo/84bf6e...64.exe

windows10_x64

8

foo/907b7d...b3.exe

windows7_x64

8

foo/907b7d...b3.exe

windows10_x64

8

foo/928f1d...ee.exe

windows7_x64

1

foo/928f1d...ee.exe

windows10_x64

1

foo/9401b0...6c.exe

windows7_x64

1

foo/9401b0...6c.exe

windows10_x64

1

foo/97dd87...84.exe

windows7_x64

10

foo/97dd87...84.exe

windows10_x64

10

foo/9b8c48...a4.exe

windows7_x64

8

foo/9b8c48...a4.exe

windows10_x64

8

foo/9cde71...cd.exe

windows7_x64

6

foo/9cde71...cd.exe

windows10_x64

6

foo/9d3438...4b.exe

windows7_x64

8

foo/9d3438...4b.exe

windows10_x64

1

foo/9f8818...2d.exe

windows7_x64

8

foo/9f8818...2d.exe

windows10_x64

3

foo/a17bdc...cf.exe

windows7_x64

9

foo/a17bdc...cf.exe

windows10_x64

9

foo/a29811...46.exe

windows7_x64

10

foo/a29811...46.exe

windows10_x64

10

foo/aa3b51...52.exe

windows7_x64

10

foo/aa3b51...52.exe

windows10_x64

10

foo/acf0b7...c4.exe

windows7_x64

8

foo/acf0b7...c4.exe

windows10_x64

8

foo/aeca5c...f7.exe

windows7_x64

1

foo/aeca5c...f7.exe

windows10_x64

1

foo/b10714...f3.exe

windows7_x64

8

foo/b10714...f3.exe

windows10_x64

8

foo/b23652...9f.exe

windows7_x64

6

foo/b23652...9f.exe

windows10_x64

6

foo/b514b5...fc.exe

windows7_x64

1

foo/b514b5...fc.exe

windows10_x64

1

foo/b64196...23.exe

windows7_x64

7

foo/b64196...23.exe

windows10_x64

7

foo/b693df...60.exe

windows7_x64

7

foo/b693df...60.exe

windows10_x64

7

foo/b6e7c9...bc.exe

windows7_x64

10

foo/b6e7c9...bc.exe

windows10_x64

10

foo/b7d5f0...4a.exe

windows7_x64

10

foo/b7d5f0...4a.exe

windows10_x64

10

foo/ba2d46...29.exe

windows7_x64

1

foo/ba2d46...29.exe

windows10_x64

1

foo/bad78e...e5.exe

windows7_x64

9

foo/bad78e...e5.exe

windows10_x64

9

foo/bc6536...b9.exe

windows7_x64

10

foo/bc6536...b9.exe

windows10_x64

10

foo/be85e0...2c.exe

windows7_x64

1

foo/be85e0...2c.exe

windows10_x64

1

foo/c914b1...ee.exe

windows7_x64

3

foo/c914b1...ee.exe

windows10_x64

3

foo/c944ea...cc.exe

windows7_x64

8

foo/c944ea...cc.exe

windows10_x64

8

foo/cad363...8b.exe

windows7_x64

6

foo/cad363...8b.exe

windows10_x64

6

foo/cd89b6...df.exe

windows7_x64

8

foo/cd89b6...df.exe

windows10_x64

8

foo/d81e76...c4.exe

windows7_x64

10

foo/d81e76...c4.exe

windows10_x64

10

foo/d86d2c...08.exe

windows7_x64

10

foo/d86d2c...08.exe

windows10_x64

10

foo/d8e37d...98.exe

windows7_x64

9

foo/d8e37d...98.exe

windows10_x64

9

foo/dea515...e1.exe

windows7_x64

10

foo/dea515...e1.exe

windows10_x64

6

foo/dfcc55...b8.exe

windows7_x64

7

foo/dfcc55...b8.exe

windows10_x64

7

foo/e03bd4...fe.exe

windows7_x64

8

foo/e03bd4...fe.exe

windows10_x64

8

foo/e16ec7...2d.exe

windows7_x64

8

foo/e16ec7...2d.exe

windows10_x64

8

foo/e61c0e...0e.exe

windows7_x64

7

foo/e61c0e...0e.exe

windows10_x64

7

foo/e78fad...51.exe

windows7_x64

8

foo/e78fad...51.exe

windows10_x64

8

foo/e7ad45...88.exe

windows7_x64

3

foo/e7ad45...88.exe

windows10_x64

3

foo/e95678...8f.exe

windows7_x64

1

foo/e95678...8f.exe

windows10_x64

1

foo/edf723...ee.dll

windows7_x64

1

foo/edf723...ee.dll

windows10_x64

1

foo/f2366f...f5.exe

windows7_x64

1

foo/f2366f...f5.exe

windows10_x64

1

foo/f645a9...1f.exe

windows7_x64

1

foo/f645a9...1f.exe

windows10_x64

1

foo/f65e75...56.exe

windows7_x64

1

foo/f65e75...56.exe

windows10_x64

1

foo/f66028...2b.exe

windows7_x64

8

foo/f66028...2b.exe

windows10_x64

8

foo/f6c1c7...89.exe

windows7_x64

10

foo/f6c1c7...89.exe

windows10_x64

10

foo/fbab90...7c.exe

windows7_x64

7

foo/fbab90...7c.exe

windows10_x64

7

foo/fcdc00...b3.exe

windows7_x64

8

foo/fcdc00...b3.exe

windows10_x64

8

foo/fffb61...ba.exe

windows7_x64

1

foo/fffb61...ba.exe

windows10_x64

1

Analysis

  • max time kernel
    151s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    11-08-2020 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    foo/928f1db0c63d122f0183686a3bdfccee.exe

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\foo\928f1db0c63d122f0183686a3bdfccee.exe
    "C:\Users\Admin\AppData\Local\Temp\foo\928f1db0c63d122f0183686a3bdfccee.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
      -a
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\sh\jpig.buw
    MD5

    fd525115524318dd876846ff58f14590

    SHA1

    fb00ea5ea86fa242c7898aec8c759af0984fd2b6

    SHA256

    5000dc01bc9e844f0515cd5e840902f24aa4f05b889be8e22ab8c979eadc562b

    SHA512

    052aef52a70b050e2f5beec0a49a052074a980e1b62aef83a139b929908e90678ea0d47add7f7136218c8f8187681b4aa03878103d5b11e6c97f8ad7a8cd7f8e

    Download Submit
  • C:\ProgramData\sh\xcq.eyx
    MD5

    ff1c4e20057ec46344bff512c0876624

    SHA1

    ed9aa9aac0b2dcc60f210a83f392b544ee09b700

    SHA256

    3d5df8ddc17156f694438140e7008564acdb3814920a51fd7e80e17f6799239f

    SHA512

    3f30cee2aac3d58d3862159fe39d822581c7e3fbf7d88ffee8efcf212003bbc1c06adec3528cb316ab8a00b7da748c9c5946612f1a8ced6bc2171cf4529e3be5

    Download Submit
  • memory/3572-1-0x0000000000000000-mapping.dmp
    Download
  • memory/3572-2-0x0000000000000000-mapping.dmp
    Download
  • memory/3572-3-0x0000000000000000-mapping.dmp
    Download
  • memory/3844-0-0x0000000002A80000-0x0000000002B58000-memory.dmp
    Filesize

    864KB

    Download