Analysis

  • max time kernel
    112s
  • max time network
    114s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    09-05-2021 22:52

General

  • Target
    49e17b182ada6830b245c3cf3c30858745c773296da06399b27d40f13bb73d2b.exe
  • Size
    711KB
  • MD5
    b7162b60c053cba5e2669a7dcb469eeb
  • SHA1
    84b8708da687b8837a37920cf9acfd4d8f20a10f
  • SHA256
    49e17b182ada6830b245c3cf3c30858745c773296da06399b27d40f13bb73d2b
  • SHA512
    0efe88799b2a667625ed4afb1d4c97ce80908f476600f9dc5638a8677e43869f1634bef2693102f69f968666b3f0de79ca607115a1b101016f862c52baa5cf67

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49e17b182ada6830b245c3cf3c30858745c773296da06399b27d40f13bb73d2b.exe
    "C:\Users\Admin\AppData\Local\Temp\49e17b182ada6830b245c3cf3c30858745c773296da06399b27d40f13bb73d2b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 176
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1816

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1748-59-0x00000000757E1000-0x00000000757E3000-memory.dmp
    Filesize
    8KB
  • memory/1816-61-0x0000000000780000-0x0000000000781000-memory.dmp
    Filesize
    4KB