Overview

overview

10

Static

static

TEC20201601.exe

windows7_x64

1

TEC20201601.exe

windows10_x64

10

Resubmissions

17-01-2021 17:09

210117-b6h1y37z22 10

16-01-2021 07:37

210116-a3w2es64as 10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    17-01-2021 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TEC20201601.exe

  • Size

    1.2MB

  • MD5

    19682ff802fd6fc13c896ba4572e9edc

  • SHA1

    c52eed4a18f23464ef7c8968c4a7cad63564d2e6

  • SHA256

    73384c630a5bcbb5201f567aa142fc712df5c2ceb9b61c301a5e4a025af2b3ca

  • SHA512

    31b65796fa7de32a80ab5244edea91642cca0b3161bd82a93d5601bd1f9b28b5de6a6647a053dfcfca2d10a54165dcdff9f221cb49690707b9a4a85719a56dc1

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe
    "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe
      "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe"
      2⤵
        PID:1336
      • C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe
        "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe"
        2⤵
          PID:556
        • C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe
          "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe"
          2⤵
            PID:592
          • C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe
            "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe"
            2⤵
              PID:1532
            • C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe
              "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe"
              2⤵
                PID:776

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1732-2-0x0000000075AE1000-0x0000000075AE3000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1732-3-0x0000000000920000-0x0000000000921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1732-33-0x0000000000921000-0x0000000000922000-memory.dmp
              Filesize

              4KB

              Download