Overview

overview

6

Static

static

Offer.exe

windows7_x64

6

Offer.exe

windows10_x64

5

Analysis

  • max time kernel
    145s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    18-01-2021 08:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Offer.exe

  • Size

    1.5MB

  • MD5

    584fec93c4d3af107c1b364f5090de14

  • SHA1

    e8635b77f7a7d2c0b8358d534ac4aaa069d7cef7

  • SHA256

    df75e05fcf2ca53ab96a989a800b33574bff0c9d4e8171e2baaaad9358a914bf

  • SHA512

    b03531d91ecdefbe85ba6abfd48edcbcf9dff4791d4383dd6e0898e992afa7ae95f47af52dfcbcdfdaaf90a597dd08938429f1a483a0f418a764f2d2825240e8

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Offer.exe
    "C:\Users\Admin\AppData\Local\Temp\Offer.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Users\Admin\AppData\Local\Temp\Offer.exe
      "C:\Users\Admin\AppData\Local\Temp\Offer.exe"
      2⤵
        PID:1892
      • C:\Users\Admin\AppData\Local\Temp\Offer.exe
        "C:\Users\Admin\AppData\Local\Temp\Offer.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2868

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Offer.exe.log
      MD5

      65f1f0c7993639f9f9e1d524224a2c93

      SHA1

      5b51a6a56f3041dbc2d3f510252bbe68ffbbc59c

      SHA256

      e582e80a644a998d1b2958bdcb0cd1e899076befa7c5e868d033b3fe75a2ca93

      SHA512

      3e8953968bbc31f3105a0df28b95edfb4cee8af78ec527d47707b82e3d5fc2aa725fca574de3c963da53614e60d282408b21d075eed007be25679e9458bf1c23

      Download Submit
    • memory/2868-14-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/2868-22-0x0000000005A70000-0x0000000005A71000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2868-17-0x0000000073820000-0x0000000073F0E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2868-15-0x00000000004376EE-mapping.dmp
      Download
    • memory/4052-7-0x0000000007730000-0x0000000007731000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4052-9-0x00000000078F0000-0x00000000078F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4052-10-0x0000000008090000-0x0000000008091000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4052-11-0x00000000078E0000-0x00000000078E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4052-12-0x0000000004B20000-0x0000000004B33000-memory.dmp
      Filesize

      76KB

      Download
    • memory/4052-13-0x0000000000D20000-0x0000000000DD5000-memory.dmp
      Filesize

      724KB

      Download
    • memory/4052-8-0x00000000076A0000-0x00000000076A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4052-2-0x0000000073820000-0x0000000073F0E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/4052-6-0x0000000007B90000-0x0000000007B91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4052-5-0x00000000075F0000-0x00000000075F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4052-3-0x0000000000640000-0x0000000000641000-memory.dmp
      Filesize

      4KB

      Download