Overview

overview

10

Static

static

zff.exe

windows7_x64

1

zff.exe

windows10_x64

10

Analysis

  • max time kernel
    48s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    15-01-2021 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zff.exe

  • Size

    847KB

  • MD5

    0ed4cfe2f4a7502eb706a6ca9d5234c4

  • SHA1

    bf2eb1aa835f79d8a105fa29872025ad104cba08

  • SHA256

    99becf56c35d26373e199fdeba79ee2b51eaf5c761b651136b5007af09e140ea

  • SHA512

    1a54618d883a527f4f96ccb4b28020f48c3c8318fd0ff2ec454da4a12e31ce2eda05f9653f04b15479c8e8a789c977905b562465351693728e165025e60a7849

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\zff.exe
    "C:\Users\Admin\AppData\Local\Temp\zff.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Users\Admin\AppData\Local\Temp\zff.exe
      "{path}"
      2⤵
        PID:1528
      • C:\Users\Admin\AppData\Local\Temp\zff.exe
        "{path}"
        2⤵
          PID:1508
        • C:\Users\Admin\AppData\Local\Temp\zff.exe
          "{path}"
          2⤵
            PID:1572
          • C:\Users\Admin\AppData\Local\Temp\zff.exe
            "{path}"
            2⤵
              PID:1496
            • C:\Users\Admin\AppData\Local\Temp\zff.exe
              "{path}"
              2⤵
                PID:316

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1204-2-0x00000000740B0000-0x000000007479E000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/1204-3-0x0000000000390000-0x0000000000391000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1204-5-0x00000000005C0000-0x00000000005CE000-memory.dmp
              Filesize

              56KB

              Download
            • memory/1204-6-0x00000000051D0000-0x000000000528E000-memory.dmp
              Filesize

              760KB

              Download