Analysis

  • max time kernel
    112s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    09-05-2021 16:54

General

  • Target

    b16ca55db7382ca9e590fd965fb7a88b17ed30c01e814717039dcb6e15b5b3a6.exe

  • Size

    711KB

  • MD5

    0f144b4f24b05a5de5056485f329e1c0

  • SHA1

    83b1302dbf7dac12803bd15edc5de81f5035f78f

  • SHA256

    b16ca55db7382ca9e590fd965fb7a88b17ed30c01e814717039dcb6e15b5b3a6

  • SHA512

    b430b860bd6664b0284f8989684ca3cd8a938d539ad9120219850c34744b4334321966ab13ed2a6274ba24de07aaa32140b19450bd5a8907ffd6908f1fb214e7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b16ca55db7382ca9e590fd965fb7a88b17ed30c01e814717039dcb6e15b5b3a6.exe
    "C:\Users\Admin\AppData\Local\Temp\b16ca55db7382ca9e590fd965fb7a88b17ed30c01e814717039dcb6e15b5b3a6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 176
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:2008

  Note: WerFault.exe -u -p 1100 -s 176 is the user-mode Windows Error Reporting handler launched for the faulting process, and its -p argument (1100) is the sample's own PID. The sample therefore crashed shortly after start on this Windows 7 x64 image, and the EnumeratesProcesses, GetForegroundWindowSpam and AdjustPrivilegeToken signatures attached to PID 2008 are WerFault's normal crash-handling activity rather than behaviour of the sample. The 3/10 score reflects a run that never got past initialisation, so it says little about what the sample would do on a host where it does not crash.

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1100-60-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

    Filesize

    8KB

  • memory/2008-62-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB
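The two checks a practitioner would run on a report like this one are (a) confirm from the process tree that the run was a crash-only detonation, by matching the WerFault -p target against the sample's PID, and (b) confirm that the memory dump names in the Downloads section are internally consistent, since the name encodes PID, a sequence number and the region bounds, and the region length must equal the listed file size. The script below is an added example written for this page, not Triage's own code or API; the process records and dump names are constructed from the report above, and the field layout of the records is an assumption of the example.

```python
import re

# Constructed from the report above. The dict layout (pid / ppid / cmd) is this
# example's own assumption, not a sandbox export format.
PROCESSES = [
    {"pid": 1100, "ppid": None,
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\b16ca55db7382ca9e590fd965fb7a88b17ed30c01e814717039dcb6e15b5b3a6.exe"'},
    {"pid": 2008, "ppid": 1100,
     "cmd": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 176"},
]

# (dump name as listed, file size as listed) pairs from the Downloads section.
DUMPS = [
    ("memory/1100-60-0x0000000075DA1000-0x0000000075DA3000-memory.dmp", 8 * 1024),
    ("memory/2008-62-0x0000000000350000-0x0000000000351000-memory.dmp", 4 * 1024),
]

# WerFault -u -p <pid> -s <event>: -p names the process that faulted.
WERFAULT_RE = re.compile(r"(?i)werfault\.exe.*\s-p\s+(\d+)")
# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def crashed_pids(processes):
    """Return the set of PIDs that WerFault.exe was launched for."""
    found = set()
    for p in processes:
        m = WERFAULT_RE.search(p["cmd"])
        if m:
            found.add(int(m.group(1)))
    return found


def detonation_verdict(processes):
    """'crashed' when a root process (no parent in the tree) is a WerFault -p
    target, 'ran' otherwise. Returns (verdict, crashed_pid_or_None)."""
    roots = [p["pid"] for p in processes if p["ppid"] is None]
    crashed = crashed_pids(processes)
    for pid in roots:
        if pid in crashed:
            return "crashed", pid
    return "ran", None


def parse_dump_name(name):
    """Split a dump name into (pid, sequence, region_start, region_end)."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, seq, start, end = m.groups()
    return int(pid), int(seq), int(start, 16), int(end, 16)


def check_dumps(dumps, processes):
    """For each dump: does end - start equal the listed size, and does the PID
    belong to a process in the tree? Returns one dict per dump."""
    known = {p["pid"] for p in processes}
    rows = []
    for name, listed in dumps:
        pid, seq, start, end = parse_dump_name(name)
        size = end - start
        rows.append({
            "pid": pid, "seq": seq, "start": start, "end": end,
            "region_size": size,
            "size_matches": size == listed,
            "pid_in_tree": pid in known,
        })
    return rows


if __name__ == "__main__":
    verdict, pid = detonation_verdict(PROCESSES)
    print(f"detonation: {verdict}" + (f" (pid {pid})" if pid else ""))
    for r in check_dumps(DUMPS, PROCESSES):
        print(f"pid {r['pid']:>5} seq {r['seq']:>3} "
              f"0x{r['start']:016X}-0x{r['end']:016X} {r['region_size']:>6} B "
              f"size_ok={r['size_matches']} pid_ok={r['pid_in_tree']}")
```

For this report the verdict is "crashed (pid 1100)", and both dumps check out: 0x75DA3000 - 0x75DA1000 is 0x2000 (8KB) and 0x351000 - 0x350000 is 0x1000 (4KB), each matching the listed file size. A size mismatch or a PID absent from the tree would indicate a truncated or mislabelled artefact and is worth flagging before spending time on the dump.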