Overview

overview

10

Static

static

PI.exe

windows7_x64

1

PI.exe

windows10_x64

10

Analysis

  • max time kernel
    105s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    23-04-2021 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PI.exe

  • Size

    893KB

  • MD5

    2c2689d8df4d2bcfa0ed7ec258dd2995

  • SHA1

    b709bf1f74f0788bf531f6456377de5f11d3cbad

  • SHA256

    347d1f815da2688725cc8fe7bfa9cc5369800b8d30bcddce7ac4bc6a21f972e7

  • SHA512

    bad3421f762bf2376b9f8414008d8fe427612afcef7b202c31baed0d93e46ef19bcb67696a950438aedb0f4fee491f274fccc1c4d47262e4af60f81ba5e52ee9

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PI.exe
    "C:\Users\Admin\AppData\Local\Temp\PI.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Users\Admin\AppData\Local\Temp\PI.exe
      "C:\Users\Admin\AppData\Local\Temp\PI.exe"
      2⤵
        PID:1504
      • C:\Users\Admin\AppData\Local\Temp\PI.exe
        "C:\Users\Admin\AppData\Local\Temp\PI.exe"
        2⤵
          PID:1564
        • C:\Users\Admin\AppData\Local\Temp\PI.exe
          "C:\Users\Admin\AppData\Local\Temp\PI.exe"
          2⤵
            PID:1708
          • C:\Users\Admin\AppData\Local\Temp\PI.exe
            "C:\Users\Admin\AppData\Local\Temp\PI.exe"
            2⤵
              PID:1616
            • C:\Users\Admin\AppData\Local\Temp\PI.exe
              "C:\Users\Admin\AppData\Local\Temp\PI.exe"
              2⤵
                PID:1840

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1684-60-0x00000000003E0000-0x00000000003E1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1684-62-0x00000000006A0000-0x0000000000720000-memory.dmp
              Filesize

              512KB

              Download
            • memory/1684-63-0x0000000004DF0000-0x0000000004DF1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1684-64-0x0000000000510000-0x0000000000519000-memory.dmp
              Filesize

              36KB

              Download
            • memory/1684-65-0x0000000004E30000-0x0000000004EB6000-memory.dmp
              Filesize

              536KB

              Download
            • memory/1684-66-0x0000000000A20000-0x0000000000A60000-memory.dmp
              Filesize

              256KB

              Download