Analysis

max time kernel: 8s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 13-01-2021 14:24

Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General

Target: file.exe
Size: 216KB
MD5: 2e1fcfb191508fc51320313d059bd30d
SHA1: 18254fc83a340ca9562844542425ed7f995bff4a
SHA256: 5dd60a5a2e5f074435cb438d3e229d1a3c4e4ef35c9c886a356b52aeb83265cd
SHA512: 3c441d1ce951aa84af2a179372445aa89a10780e51742b3d77679cd831735416040c5dfe52b1644c6b71d885a80add0264310aba9a40fed9679bee69c5f497fd
Score: 1/10
Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid  process
848  file.exe
848  file.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description              pid  process
Token: SeDebugPrivilege  848  file.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description                      pid  process   target process
PID 848 wrote to memory of 1448  848  file.exe  dw20.exe
PID 848 wrote to memory of 1448  848  file.exe  dw20.exe
PID 848 wrote to memory of 1448  848  file.exe  dw20.exe
PID 848 wrote to memory of 1448  848  file.exe  dw20.exe
Processes

C:\Users\Admin\AppData\Local\Temp\file.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
  PID: 848
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    Command line: dw20.exe -x -s 516
    PID: 1448