Overview

overview

7

Static

static

09000000000000h.exe

windows7_x64

7

09000000000000h.exe

windows10_x64

7

Analysis

  • max time kernel
    126s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-01-2021 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09000000000000h.exe

  • Size

    593KB

  • MD5

    af891ae0d2ec4596cd000335cfb9bbcc

  • SHA1

    bc5414af0bf6cabe07b0088a306a06f6f3dd5407

  • SHA256

    5cc38d4a28e3609654ae3975d062a71272bdaaa655d998498f2169c7679bb19e

  • SHA512

    7d8d2aad1499609e9ff3b0c503a24926cc8ce1f71b1e34b17b7d2e7f6940dbd49caa72ccbd2fa93baf078b2df9e7928d11e0375b751a4e98e544955cc9dd2335

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe
    "C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
      "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe' 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
      2⤵
      • Drops startup file
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1188
    • C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe
      "C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe"
      2⤵
        PID:1732
      • C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe
        "C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe"
        2⤵
          PID:1796
        • C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe
          "C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe"
          2⤵
            PID:1756
          • C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe
            "C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe"
            2⤵
              PID:1764
            • C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe
              "C:\Users\Admin\AppData\Local\Temp\09000000000000h.exe"
              2⤵
                PID:1740

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1188-9-0x0000000004750000-0x0000000004751000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1188-11-0x00000000025E0000-0x00000000025E1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1188-28-0x0000000006200000-0x0000000006201000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1188-6-0x0000000000000000-mapping.dmp
              Download
            • memory/1188-7-0x0000000074230000-0x000000007491E000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/1188-8-0x0000000000F30000-0x0000000000F31000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1188-21-0x0000000005770000-0x0000000005771000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1188-20-0x0000000005670000-0x0000000005671000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1188-15-0x0000000005620000-0x0000000005621000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1188-12-0x0000000005240000-0x0000000005241000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2024-10-0x0000000000480000-0x000000000048F000-memory.dmp
              Filesize

              60KB

              Download
            • memory/2024-2-0x0000000074230000-0x000000007491E000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/2024-3-0x0000000000390000-0x0000000000391000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2024-5-0x0000000004C40000-0x0000000004CD1000-memory.dmp
              Filesize

              580KB

              Download