Overview

overview

8

Static

static

dottwitch.exe

windows7_x64

dottwitch.exe

windows10_x64

Analysis

  • max time kernel
    36s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    05-03-2021 23:13

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    dottwitch.exe

  • Size

    78KB

  • MD5

    19ca826fb47911d0f28d5f3a581fa04e

  • SHA1

    7f68c84eee75ee8a2357b570140466cdcbacc8eb

  • SHA256

    93b99f8ca3f18926d2405d337bf047fb419c8bfd898aeab2f74108833fca85ae

  • SHA512

    1f4057c5bcd74be122e068ac3a23a8d802aa19136146a06d47720ce797c51ce4982d6e9e10034b5192122f0c0f7f44c199d3146af63eded78cb08c8f1b6bf532

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dottwitch.exe
    "C:\Users\Admin\AppData\Local\Temp\dottwitch.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 544
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:300
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1504
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x5ac
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1520
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1324

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/300-5-0x0000000000000000-mapping.dmp
        Download
      • memory/300-6-0x0000000001E00000-0x0000000001E11000-memory.dmp
        Filesize

        68KB

        Download
      • memory/300-7-0x0000000000280000-0x0000000000281000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1324-11-0x00000000026E0000-0x00000000026E1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1504-8-0x000007FEFB891000-0x000007FEFB893000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1504-9-0x0000000002840000-0x0000000002841000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2008-2-0x0000000073AF0000-0x00000000741DE000-memory.dmp
        Filesize

        6.9MB

        Download
      • memory/2008-3-0x0000000001290000-0x0000000001291000-memory.dmp
        Filesize

        4KB

        Download