Overview

overview

8

Static

static

7f94769671...fa.exe

windows7_x64

3

7f94769671...fa.exe

windows10_x64

8

Analysis

  • max time kernel
    112s
  • max time network
    111s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    11-05-2021 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f94769671451d108e8e00e38c5b65dc793ec4213069a6d419cfc3116c0191fa.exe

  • Size

    590KB

  • MD5

    c239adfb4505f89d70669cec4dc1364c

  • SHA1

    a47b03163f78c21242d0eaff14c0fc2238037659

  • SHA256

    7f94769671451d108e8e00e38c5b65dc793ec4213069a6d419cfc3116c0191fa

  • SHA512

    f44f99039fa3b0d2ebade04afdeccc578f578f351f02f67afaa472359eb5c4f3896720dc46b336a7f84e9e42a5865a1b7aff9cb35b2297d7b2fc4b6b600c17d1

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f94769671451d108e8e00e38c5b65dc793ec4213069a6d419cfc3116c0191fa.exe
    "C:\Users\Admin\AppData\Local\Temp\7f94769671451d108e8e00e38c5b65dc793ec4213069a6d419cfc3116c0191fa.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 48
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1772-59-0x0000000000000000-mapping.dmp
    Download
  • memory/1772-60-0x00000000752B1000-0x00000000752B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1772-61-0x0000000000300000-0x0000000000326000-memory.dmp
    Filesize

    152KB

    Download