Overview

overview

8

Static

static

8

fcc595f22b...ea.exe

windows7_x64

5

fcc595f22b...ea.exe

windows10_x64

1

Analysis

  • max time kernel
    62s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    05-03-2021 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcc595f22b212b4e0cce8a9ac0849fea.exe

  • Size

    377KB

  • MD5

    fcc595f22b212b4e0cce8a9ac0849fea

  • SHA1

    6aa5c48c9bd9794b35d42e1a5053fccbb4a4823a

  • SHA256

    a4ab08ff70e6117f5ca89a99fa94d63ba3468a7c97e2efc4d8ed6c634bb97671

  • SHA512

    715ca8e30229c0f9f21427a253a9803ea85f6ba049ab7936816d9cf7c4a559691075ba918278ecf0ea8944c7e11c710ef87fd729c5ac265cb67fddab52e1bfee

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcc595f22b212b4e0cce8a9ac0849fea.exe
    "C:\Users\Admin\AppData\Local\Temp\fcc595f22b212b4e0cce8a9ac0849fea.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:988
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -executionpolicy bypass C:\Users\Admin\AppData\Roaming\ykZORLMXT.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3872-2-0x0000000000000000-mapping.dmp
    Download
  • memory/3872-3-0x0000000072960000-0x000000007304E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/3872-4-0x0000000006BE0000-0x0000000006BE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-5-0x0000000007380000-0x0000000007381000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-6-0x00000000072D0000-0x00000000072D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-7-0x0000000007B90000-0x0000000007B91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-8-0x0000000007C70000-0x0000000007C71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-9-0x0000000007CE0000-0x0000000007CE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-10-0x0000000006D40000-0x0000000006D41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-11-0x0000000006D42000-0x0000000006D43000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-12-0x0000000007A70000-0x0000000007A71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-13-0x00000000080F0000-0x00000000080F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-14-0x00000000083C0000-0x00000000083C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3872-15-0x0000000006D43000-0x0000000006D44000-memory.dmp
    Filesize

    4KB

    Download