Overview

overview

7

Static

static

7

SQLDorks.exe

windows7_x64

6

SQLDorks.exe

windows10_x64

6

Analysis

  • max time kernel
    125s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    01-05-2021 11:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SQLDorks.exe

  • Size

    7.2MB

  • MD5

    31c509a0b4f7afb71cf71d79fe919271

  • SHA1

    f0936682d0a6719671be78b6c311851bfb1343cf

  • SHA256

    52786577431ea2e6526843f0ca8815c910c0a57388b43abf6b52b6905181ff7a

  • SHA512

    7cd663f3d602a298d7f66bb24c8be7f638bf9c911175b380ae847eea884f3f0bf8008a9eac7c8c36048c3ac208aa0a0ab3287e507b2ec1ec2717d69f606bb9d6

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SQLDorks.exe
    "C:\Users\Admin\AppData\Local\Temp\SQLDorks.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1776
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:992

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/992-87-0x000007FEFBB31000-0x000007FEFBB33000-memory.dmp
      Filesize

      8KB

      Download
    • memory/992-88-0x0000000002840000-0x0000000002841000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1776-76-0x0000000008240000-0x00000000082AE000-memory.dmp
      Filesize

      440KB

      Download
    • memory/1776-77-0x0000000005216000-0x0000000005217000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1776-68-0x0000000005040000-0x0000000005042000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1776-70-0x0000000005200000-0x0000000005201000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1776-71-0x0000000007190000-0x0000000007306000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/1776-73-0x0000000007310000-0x0000000007312000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1776-74-0x0000000006200000-0x000000000622D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/1776-75-0x0000000005205000-0x0000000005216000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1776-59-0x0000000075C31000-0x0000000075C33000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1776-66-0x00000000027B0000-0x00000000027D0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1776-78-0x0000000005217000-0x0000000005218000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1776-79-0x0000000005218000-0x0000000005219000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1776-80-0x00000000082B0000-0x000000000835A000-memory.dmp
      Filesize

      680KB

      Download
    • memory/1776-82-0x000000000A3F0000-0x000000000A3F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1776-85-0x0000000005219000-0x000000000521A000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1776-86-0x000000000521A000-0x000000000521B000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1776-63-0x0000000010000000-0x00000000101C3000-memory.dmp
      Filesize

      1.8MB

      Download
    • memory/1776-60-0x0000000000400000-0x0000000000402000-memory.dmp
      Filesize

      8KB

      Download