Resubmissions

14-04-2021 06:01

210414-le4vga68nn 10

13-04-2021 17:46

210413-1bgrp73q6a 10

Analysis

  • max time kernel
    11s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    14-04-2021 06:01

General

  • Target

    a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe

  • Size

    54KB

  • MD5

    0390938e8a9df14af45e264a128a5bf8

  • SHA1

    f90f83c3dbcbe9b5437316a67a8abe6a101ef4c3

  • SHA256

    a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210

  • SHA512

    c4b8d0d086a7f3c9aa83e2ad5baa36027cd8785878913b7dc0ad698066aaa0f298dec59cb6fb42cf76530c8be9b242bdacfb1253eb02a6ad84a872df4c586e98

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 25 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe"
    1⤵
    PID:1632
  • C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe
        C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe -work worker0 job0-1072
        3⤵
        PID:1340
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1732
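
The process tree above has three features worth turning into a check: the sample re-launches its own image twice (2028 → 1072 → 1340), the innermost child runs with a worker-style argument whose job token `job0-1072` embeds the PID of its parent, and vssvc.exe starts during the run. The following Python is an added example, not part of the sandbox report or the sample; the process records are constructed from the tree shown on this page (parent PIDs inferred from the tree depth, since the report does not list them), and the three rules are this editor's, not sandbox signatures.

```python
"""
Detection logic run over the process tree from the sandbox report above.
Added example: the records are constructed from the report's Processes
section (parent PIDs inferred from tree depth), not emitted by the sandbox.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a11cc5051e3a88428db495f6d8e4b6381a1cb3fa5946a525ef5c00bfcb44e210.bin.exe"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for a root of the sandbox tree
    image: str
    cmdline: str


# Constructed from the report: depth-1 entries are roots; each deeper entry
# is a child of the nearest shallower entry above it.
PROCESSES = [
    Proc(1632, None, SAMPLE, f'"{SAMPLE}"'),
    Proc(2028, None, SAMPLE, f'"{SAMPLE}"'),
    Proc(1072, 2028, SAMPLE, f'"{SAMPLE}"'),
    Proc(1340, 1072, SAMPLE, f"{SAMPLE} -work worker0 job0-1072"),
    Proc(1732, None, r"C:\Windows\system32\vssvc.exe", r"C:\Windows\system32\vssvc.exe"),
]

# Worker-mode argument as it appears on the page: "-work worker<n> job<n>-<pid>".
WORKER_RE = re.compile(r"-work\s+worker(\d+)\s+job(\d+)-(\d+)", re.IGNORECASE)


def detect(procs):
    """Return (pid, rule, detail) tuples for every rule that fires."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None

        # Rule 1: a process re-launching its own image under a parent of the same image.
        if parent is not None and parent.image.lower() == p.image.lower():
            findings.append((p.pid, "self_spawn", f"child of {parent.pid} with same image"))

        # Rule 2: worker-mode command line; verify the job token names the parent PID.
        m = WORKER_RE.search(p.cmdline)
        if m:
            job_pid = int(m.group(3))
            consistent = parent is not None and job_pid == parent.pid
            findings.append((p.pid, "worker_mode",
                             f"job token references pid {job_pid}; "
                             f"{'matches' if consistent else 'does not match'} parent"))

        # Rule 3: Volume Shadow Copy service started while the sample ran.
        if p.image.lower().endswith(r"\vssvc.exe"):
            findings.append((p.pid, "vss_service_started", "vssvc.exe started during the run"))
    return findings


def flagged_pids(procs):
    """PIDs with at least one finding, sorted."""
    return sorted({pid for pid, _, _ in detect(procs)})


if __name__ == "__main__":
    for pid, rule, detail in detect(PROCESSES):
        print(f"{pid:>5}  {rule:<20} {detail}")
```

Rule 3 is low-signal on its own: vssvc.exe is an on-demand Windows service that also starts for legitimate backup or restore activity, so it is only interesting here because it appears in the same 11-second run as the self-spawning chain and the AdjustPrivilegeToken signature. Rule 2 is the one with real discriminating power: a job token that encodes the parent PID is a stable artefact of how this sample hands work to its child, and it survives renaming of the executable.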

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1072-62-0x0000000000000000-mapping.dmp
  • memory/1340-64-0x0000000000000000-mapping.dmp
  • memory/1632-60-0x0000000075551000-0x0000000075553000-memory.dmp
    Filesize
    8KB