Analysis
- max time kernel: 9s
- max time network: 10s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 26-01-2021 14:19
Static task: static1
Behavioral task: behavioral1
  Sample: luckyfr.exe
  Resource: win7v20201028
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: luckyfr.exe
  Resource: win10v20201028
  0 signatures, 0 seconds
General
- Target: luckyfr.exe
- Size: 214KB
- MD5: 13bb24e681ae113fdb4e3747badd113c
- SHA1: 204e1eb03aaab856e14a8236a0c2a832ddaaf6b1
- SHA256: eb362970c0081effbcdab7ce1f6c91d6921ff7f6e3e8e411238404f8d0549483
- SHA512: cfd952e973235be7fc2dd0faee818c46d08244073f7b18bba830a9584d29bd2832201942600df7311647cd011786922d30211f9b3f72431170442230bf1265f1
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid 644  process luckyfr.exe
    pid 644  process luckyfr.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description: Token: SeDebugPrivilege  pid 644  process luckyfr.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
    description                         pid  process      target process
    PID 644 wrote to memory of 1340     644  luckyfr.exe  dw20.exe
    PID 644 wrote to memory of 1340     644  luckyfr.exe  dw20.exe
    PID 644 wrote to memory of 1340     644  luckyfr.exe  dw20.exe
    PID 644 wrote to memory of 1340     644  luckyfr.exe  dw20.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\luckyfr.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\luckyfr.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe (child process)
    Command line: dw20.exe -x -s 516
Network
MITRE ATT&CK Matrix
Downloads
- memory/644-2-0x00000000765E1000-0x00000000765E3000-memory.dmp  Filesize: 8KB
- memory/644-3-0x0000000000C30000-0x0000000000C31000-memory.dmp  Filesize: 4KB
- memory/1340-4-0x0000000000000000-mapping.dmp
- memory/1340-5-0x0000000001F10000-0x0000000001F21000-memory.dmp  Filesize: 68KB
- memory/1340-7-0x0000000000460000-0x0000000000461000-memory.dmp  Filesize: 4KB