Overview

overview

8

Static

static

3

gen.exe

windows7_x64

gen.exe

windows10_x64

Analysis

  • max time kernel
    76s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    05-03-2021 02:17

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    gen.exe

  • Size

    7.1MB

  • MD5

    ac5874a4074d3f6daf8717e16476e355

  • SHA1

    52fa45d972da9a90d725839654b1b6d05e13bf5f

  • SHA256

    519a5e542e845e29039e769973ed337c6b5253dcd31e92cf63df7a22e916ee5d

  • SHA512

    b62c53e2efb8db4ffed44983e68ed0a2c47be65ee31b814f6d74e6b636335ad170151bf49849dcd5544c435a2385c8e44d1c1287b4f424c0f7d99fd190969e5d

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gen.exe
    "C:\Users\Admin\AppData\Local\Temp\gen.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Users\Admin\AppData\Local\Temp\gen.exe
      "C:\Users\Admin\AppData\Local\Temp\gen.exe"
      2⤵
      • Loads dropped DLL
      PID:1952
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1352
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x598
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:860
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:888

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI16162\python39.dll
        MD5

        088904a7f5b53107db42e15827e3af98

        SHA1

        1768e7fb1685410e188f663f5b259710f597e543

        SHA256

        3761c232e151e9ceaf6c7d37b68da3df1962e3106e425cc3937d1f60170f3718

        SHA512

        c5edc25fd9a37673f769af1a1fd540b41e68351bc30b44bc83a1d0d4a8fb078888bbb31173a77ef47698631c9816bc05637b499c20d63e3d65457d9aa4bc2c6b

        Download Submit
      • \Users\Admin\AppData\Local\Temp\_MEI16162\python39.dll
        MD5

        088904a7f5b53107db42e15827e3af98

        SHA1

        1768e7fb1685410e188f663f5b259710f597e543

        SHA256

        3761c232e151e9ceaf6c7d37b68da3df1962e3106e425cc3937d1f60170f3718

        SHA512

        c5edc25fd9a37673f769af1a1fd540b41e68351bc30b44bc83a1d0d4a8fb078888bbb31173a77ef47698631c9816bc05637b499c20d63e3d65457d9aa4bc2c6b

        Download Submit
      • memory/888-8-0x00000000028F0000-0x00000000028F1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1352-5-0x000007FEFC251000-0x000007FEFC253000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1352-6-0x0000000002840000-0x0000000002841000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1952-2-0x0000000000000000-mapping.dmp
        Download