4a9006cf3b6e40360af21fbc2c9c419a58212f9fc06cb2a534240790a2e6dbac

Submit
Reports

Overview

overview

Static

static

122de0842b...0d.exe

windows7_x64

122de0842b...0d.exe

windows10_x64

21837bd6a7...27.exe

windows7_x64

21837bd6a7...27.exe

windows10_x64

30131519d2...fc.exe

windows7_x64

30131519d2...fc.exe

windows10_x64

3be39aebff...7a.exe

windows7_x64

3be39aebff...7a.exe

windows10_x64

5514456013...b8.exe

windows7_x64

5514456013...b8.exe

windows10_x64

61d44476de...3e.exe

windows7_x64

61d44476de...3e.exe

windows10_x64

6ee50d84fd...c3.exe

windows7_x64

6ee50d84fd...c3.exe

windows10_x64

82c04fda59...b5.exe

windows7_x64

82c04fda59...b5.exe

windows10_x64

a101cc8e9f...75.exe

windows7_x64

a101cc8e9f...75.exe

windows10_x64

b5674726f7...b0.exe

windows7_x64

b5674726f7...b0.exe

windows10_x64

c939f36967...08.exe

windows7_x64

c939f36967...08.exe

windows10_x64

de36168cfc...49.exe

windows7_x64

de36168cfc...49.exe

windows10_x64

eb9775066c...4d.exe

windows7_x64

eb9775066c...4d.exe

windows10_x64

Analysis

max time kernel
4s
max time network
13s
platform
windows7_x64
resource
win7v20201028
submitted
26-01-2021 02:37

Sharing

Copy URL

Twitter E-mail

Static task

static1

vmprotect upx

Behavioral task

behavioral1

Sample

122de0842b4df547c9bddfb0b594a1b8f8b55da501c6f35b038153981cf1870d.exe

Resource

win7v20201028

persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

122de0842b4df547c9bddfb0b594a1b8f8b55da501c6f35b038153981cf1870d.exe

Resource

win10v20201028

persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

21837bd6a795e92f326fe1a26523411408c5e8ad38054353c55ffc514e72b927.exe

Resource

win7v20201028

amadey trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

21837bd6a795e92f326fe1a26523411408c5e8ad38054353c55ffc514e72b927.exe

Resource

win10v20201028

amadey trojan upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

30131519d29744c302b7cc68898c5238358a75a0c01d398b3df894896620cbfc.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

30131519d29744c302b7cc68898c5238358a75a0c01d398b3df894896620cbfc.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

3be39aebffed61e79f7bd2405d3e2722a1cf388a820b819ff76c1c1a132fd37a.exe

Resource

win7v20201028

persistence vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

3be39aebffed61e79f7bd2405d3e2722a1cf388a820b819ff76c1c1a132fd37a.exe

Resource

win10v20201028

persistence vmprotect

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

5514456013c5492e1f41e7a6a59cba1bdc6d1555c5b169992aba575cb34cb0b8.exe

Resource

win7v20201028

agenttesla keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

5514456013c5492e1f41e7a6a59cba1bdc6d1555c5b169992aba575cb34cb0b8.exe

Resource

win10v20201028

agenttesla keylogger persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

61d44476deb3368a54bb936e56a7aadb9226e78b88f67f939ed1cf0932f3263e.exe

Resource

win7v20201028

miner persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

61d44476deb3368a54bb936e56a7aadb9226e78b88f67f939ed1cf0932f3263e.exe

Resource

win10v20201028

miner persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

6ee50d84fd4795440107550e6581ccb981f87dff2f216e5cc5a0314144b83ec3.exe

Resource

win7v20201028

persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

6ee50d84fd4795440107550e6581ccb981f87dff2f216e5cc5a0314144b83ec3.exe

Resource

win10v20201028

persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

a101cc8e9f1eac76c6fc006e9e746b59dc94b73e1358803ad94d70a0938d3a75.exe

Resource

win7v20201028

evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

a101cc8e9f1eac76c6fc006e9e746b59dc94b73e1358803ad94d70a0938d3a75.exe

Resource

win10v20201028

evasion persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

b5674726f7f51d5880211f8ca8aea069bc6fc758794748117db27b8df25a12b0.exe

Resource

win7v20201028

persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

b5674726f7f51d5880211f8ca8aea069bc6fc758794748117db27b8df25a12b0.exe

Resource

win10v20201028

persistence pyinstaller spyware upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

c939f36967412e7e4c1a893ac6c9d38eee2d49516bd9168af2e0a33819ffe708.exe

Resource

win7v20201028

persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

c939f36967412e7e4c1a893ac6c9d38eee2d49516bd9168af2e0a33819ffe708.exe

Resource

win10v20201028

persistence upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

de36168cfc6c51cd53027916aea1b4227ab736e517319804b826c8d4a3006149.exe

Resource

win7v20201028

xmrig discovery evasion miner persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

de36168cfc6c51cd53027916aea1b4227ab736e517319804b826c8d4a3006149.exe

Resource

win10v20201028

xmrig discovery evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

eb9775066c55310131db50ee2606fb66353e4c694d5713abaddd2293806ac34d.exe

Resource

win7v20201028

amadey trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

eb9775066c55310131db50ee2606fb66353e4c694d5713abaddd2293806ac34d.exe

Resource

win10v20201028

amadey trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

pid process

1204 82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

description pid process

Token: SeDebugPrivilege 1204 82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

pid	process
1204	82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

description	pid	process
Token: SeDebugPrivilege	1204	82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe
"C:\Users\Admin\AppData\Local\Temp\82c04fda5985f51abe024bfda867bc3aaa0ffd26a500cd7cc40f8238df9b1eb5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-2-0x000007FEF5BE0000-0x000007FEF65CC000-memory.dmp

Filesize
9.9MB

Download
memory/1204-3-0x0000000001230000-0x0000000001231000-memory.dmp

Filesize
4KB

Download