Overview

overview

6

Static

static

0b4ab2b854...39.exe

windows7_x64

6

0b4ab2b854...39.exe

windows10_x64

6

Analysis

  • max time kernel
    29s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    03-06-2021 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b4ab2b8547d9d49b35788f9da74b439.exe

  • Size

    4.9MB

  • MD5

    0b4ab2b8547d9d49b35788f9da74b439

  • SHA1

    7452326f93c8dc33695dee74e092aabcac462f3b

  • SHA256

    60e93179fdc24865d5d06c00a6280a224263def03b1d9b081b0edf972ed95ad1

  • SHA512

    89d6ca06231f9b9534d6938e1f698c06ee3ab594351940e2e5ec6b1a8079426bbccf20474a9808848885705627a80cf0511df76e4c5c0b8f56f2a09df3e9bb46

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b4ab2b8547d9d49b35788f9da74b439.exe
    "C:\Users\Admin\AppData\Local\Temp\0b4ab2b8547d9d49b35788f9da74b439.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Users\Admin\AppData\Local\Temp\0b4ab2b8547d9d49b35788f9da74b439.exe
      C:\Users\Admin\AppData\Local\Temp\0b4ab2b8547d9d49b35788f9da74b439.exe
      2⤵
        PID:548

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/548-70-0x0000000140000000-0x00000001407EA000-memory.dmp

      Filesize

      7.9MB

      Download

    • memory/1204-60-0x0000000000E50000-0x0000000000E51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1204-62-0x00000000001C0000-0x00000000001C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1204-67-0x0000000000840000-0x0000000000842000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1204-68-0x0000000000820000-0x0000000000837000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1204-69-0x0000000000846000-0x0000000000865000-memory.dmp

      Filesize

      124KB

      Download