Analysis

  • max time kernel
    111s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    08-05-2021 18:03

General

  • Target
    db06c9524b0524c507be935e993b25507f3c172e4b84e0a20fdd376f84c03197.exe
  • Size
    711KB
  • MD5
    966fd91aa304fb68d416e5893132be70
  • SHA1
    13af5a3a8241d1b6e65b07016d1be83b979d812f
  • SHA256
    db06c9524b0524c507be935e993b25507f3c172e4b84e0a20fdd376f84c03197
  • SHA512
    935d0a6330a2c7b16827887ec82bfbd057a7bf7c4473ded7458dfa7bfd12c82c085e17d2ef9c20de9d5b98a54e06eda14ec174cff0a19b757469f4c11f925b02

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db06c9524b0524c507be935e993b25507f3c172e4b84e0a20fdd376f84c03197.exe
    "C:\Users\Admin\AppData\Local\Temp\db06c9524b0524c507be935e993b25507f3c172e4b84e0a20fdd376f84c03197.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 176
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1228

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1084-60-0x00000000752F1000-0x00000000752F3000-memory.dmp
    Filesize: 8KB
  • memory/1228-62-0x0000000001E30000-0x0000000001E31000-memory.dmp
    Filesize: 4KB