Overview

overview

10

Static

static

10

9GVm7REB.exe

windows7_x64

1

9GVm7REB.exe

windows10_x64

1

Analysis

  • max time kernel
    6s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-12-2020 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9GVm7REB.exe

  • Size

    16KB

  • MD5

    f2810a3dce3d34a9079a6a3a5187450b

  • SHA1

    50ebe17fafa84507435b7c1c047ddf2f81b0104e

  • SHA256

    07feae557eab579c338f332acf848b97b0d2a6084f60f10ff7f3ed3fe893a2a6

  • SHA512

    05d2d9d7b7a63af4a409167ec2304012b086fa126191757f866658b793af2cfbaa95e80e47538017f619f0a93138589346e5a694638b07e1f9f6f2ca25256331

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9GVm7REB.exe
    "C:\Users\Admin\AppData\Local\Temp\9GVm7REB.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:596

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/596-2-0x000007FEF5670000-0x000007FEF600D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/596-3-0x000007FEF5670000-0x000007FEF600D000-memory.dmp
    Filesize

    9.6MB

    Download