Analysis

  • max time kernel
    114s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    11-05-2021 17:44

General

  • Target

    2f3b45d9d88f18898b9859b19a1dfd7e2df6ac7c84e91d347d4346af53a26f8e.exe

  • Size

    711KB

  • MD5

    7d9c4cea1eedd1f89b584d3d8a729aff

  • SHA1

    6a8172de980a0103f13db3ef1b90ac6a284f176d

  • SHA256

    2f3b45d9d88f18898b9859b19a1dfd7e2df6ac7c84e91d347d4346af53a26f8e

  • SHA512

    c90d4d743c7424baa0dee98a0ddf1df9f409e0aa4c1f991a1a086f3c6c8ad8c2de43f1f3b87bb9899968dcf806a6c93e4fce665df76ed579eeebd754df7ab47b

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f3b45d9d88f18898b9859b19a1dfd7e2df6ac7c84e91d347d4346af53a26f8e.exe
    "C:\Users\Admin\AppData\Local\Temp\2f3b45d9d88f18898b9859b19a1dfd7e2df6ac7c84e91d347d4346af53a26f8e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 176
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1492

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1492-62-0x0000000001CF0000-0x0000000001CF1000-memory.dmp

    Filesize

    4KB

  • memory/1684-60-0x0000000075B31000-0x0000000075B33000-memory.dmp

    Filesize

    8KB
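The process tree and the two dumps above carry enough structure to cross-check mechanically: the target filename should be the sample's SHA256, WerFault's `-p` argument names the faulting process and should equal the child's parent PID, and each dump name encodes a PID and an address range whose length should match the listed filesize (0x1CF0000..0x1CF1000 is 4KB, 0x75B31000..0x75B33000 is 8KB). Note also that three of the five signatures (EnumeratesProcesses, GetForegroundWindowSpam, AdjustPrivilegeToken) are attached to the WerFault.exe child, i.e. to the crash handler, not to the sample itself. The Python below is an added example, not part of the report or of the sandbox's own tooling; the `REPORT` dict is constructed from the page's values, while its layout, the function names and the dump-name pattern are assumptions of this example.

```python
"""Consistency checks over the structured fields of a sandbox report (added example)."""
import re

# Constructed from the fields shown in the report above: the values are copied
# from the page, the dict layout itself is an assumption of this example.
REPORT = {
    "target": "2f3b45d9d88f18898b9859b19a1dfd7e2df6ac7c84e91d347d4346af53a26f8e.exe",
    "sha256": "2f3b45d9d88f18898b9859b19a1dfd7e2df6ac7c84e91d347d4346af53a26f8e",
    "processes": [
        {"pid": 1684, "parent": None,
         "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\2f3b45d9d88f18898b9859b19a1dfd7e2df6ac7c84e91d347d4346af53a26f8e.exe"'},
        {"pid": 1492, "parent": 1684,
         "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 176"},
    ],
    "dumps": [
        ("memory/1492-62-0x0000000001CF0000-0x0000000001CF1000-memory.dmp", "4KB"),
        ("memory/1684-60-0x0000000075B31000-0x0000000075B33000-memory.dmp", "8KB"),
    ],
}

# Dump-name pattern inferred from the two names on the page (assumption):
# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")
# WerFault's -p switch carries the PID of the faulting process.
WERFAULT_PID = re.compile(r"WerFault\.exe\b.*?\s-p\s+(\d+)", re.IGNORECASE)
SIZE = re.compile(r"^(\d+)\s*(B|KB|MB|GB)$", re.IGNORECASE)
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_dump_name(name):
    """Split a memory-dump filename into PID, sequence number and address range."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def parse_size(text):
    """Turn a human-readable size such as '4KB' into a byte count."""
    m = SIZE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    return int(m[1]) * UNITS[m[2].upper()]


def werfault_target_pid(cmdline):
    """PID named by WerFault's -p switch (the crashed process), or None."""
    m = WERFAULT_PID.search(cmdline)
    return int(m[1]) if m else None


def check_report(report):
    """Return a list of inconsistencies; an empty list means the fields agree."""
    findings = []
    # The sandbox names the target after its SHA256; the two must match.
    stem = report["target"].rsplit(".", 1)[0]
    if stem.lower() != report["sha256"].lower():
        findings.append("target filename is not the reported SHA256")
    pids = {p["pid"] for p in report["processes"]}
    for proc in report["processes"]:
        faulting = werfault_target_pid(proc["cmdline"])
        if faulting is None:
            continue  # not a WerFault child, nothing to cross-check
        if faulting != proc["parent"]:
            findings.append(f"WerFault pid {proc['pid']} reports -p {faulting} "
                            f"but its parent is {proc['parent']}")
        if faulting not in pids:
            findings.append(f"WerFault -p {faulting} names a pid absent from the tree")
    for name, size in report["dumps"]:
        dump = parse_dump_name(name)
        if dump["pid"] not in pids:
            findings.append(f"{name}: pid {dump['pid']} not in process tree")
        expected = parse_size(size)
        if dump["size"] != expected:
            findings.append(f"{name}: range is {dump['size']} bytes, "
                            f"listed size is {expected}")
    return findings


if __name__ == "__main__":
    for line in check_report(REPORT) or ["report fields are consistent"]:
        print(line)
```

Run against the values on this page the checks all pass; feed it a report whose dump sizes, PIDs or hashes have been edited and `check_report` names the field that disagrees, which is the point of running it before trusting a score or a signature list copied out of a sandbox.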