Overview

overview

10

Static

static

SCAN_20210...69.exe

windows7_x64

1

SCAN_20210...69.exe

windows10_x64

10

Analysis

  • max time kernel
    60s
  • max time network
    15s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-01-2021 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SCAN_20210113140930669.exe

  • Size

    1.0MB

  • MD5

    5f7d0bc54b8cfbfca3057aeddb3c0909

  • SHA1

    a426832c6b424a035cfb30f9d4ba07cd45dc5ce1

  • SHA256

    2120a958805532d53821fb90eaaa140d8a6461f667b392e352311ff896465f46

  • SHA512

    74977c2c7ac0793912dbc073cb7dc6184d42cab8d93e595abe673c65402b439e0adbaf2e82686dd11da79e4b6dc6d75e94a2745fe7c2e8fd1f2fd55de5b9082b

Score
1/10

Malware Config

Signatures

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe
    "C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fqJdWysg" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4846.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:652
    • C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe
      "C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe"
      2⤵
        PID:1472
      • C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe
        "C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe"
        2⤵
          PID:1456
        • C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe
          "C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe"
          2⤵
            PID:1092
          • C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe
            "C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe"
            2⤵
              PID:1560
            • C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe
              "C:\Users\Admin\AppData\Local\Temp\SCAN_20210113140930669.exe"
              2⤵
                PID:796

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\tmp4846.tmp
              MD5

              c963981c0dd5716b051f32161e14e8fb

              SHA1

              d8024d1745ad1225cb26962dc4d2d2e71e6a12b2

              SHA256

              29aa89cfe5eef829f24a059c1b4b82db65f8411127f013f0089895cf23ce1c80

              SHA512

              65dde9f0ca633546a372970cf30174224edd4109965883f60d1a8f042928682893ea012ef0822e51dad32db49dae2aa3c6e4bdbf7844d8f05dc4c1897cdcb5aa

              Download Submit
            • memory/652-7-0x0000000000000000-mapping.dmp
              Download
            • memory/808-2-0x0000000073F40000-0x000000007462E000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/808-3-0x00000000003C0000-0x00000000003C1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/808-5-0x00000000004E0000-0x00000000004F2000-memory.dmp
              Filesize

              72KB

              Download
            • memory/808-6-0x0000000004C60000-0x0000000004CCB000-memory.dmp
              Filesize

              428KB

              Download