Overview

overview

10

Static

static

TT50020210...72.exe

windows7_x64

1

TT50020210...72.exe

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    172s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    07-06-2021 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT500202106029589435472.exe

  • Size

    937KB

  • MD5

    85aa9d1b698d8f57b88e32f8a6a31a1a

  • SHA1

    4d4a7f6a9256c37081393aba3e48f188a0aad630

  • SHA256

    ff99d00779dbb0c55d69212b104f4fcf7f52e7ff265df47ee780d6ed84b606e9

  • SHA512

    7f5697ae243993dac743e51b1cee126a782da7c2d405d94e99e22fad6693ec52f76c487c02b60a5cab85f5b554d5db89dc1baae5be76a602b1c44b62175309c4

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
    "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
      "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
      2⤵
        PID:1596
      • C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
        "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
        2⤵
          PID:1500
        • C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
          "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
          2⤵
            PID:1468
          • C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
            "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
            2⤵
              PID:608
            • C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
              "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
              2⤵
                PID:1532

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1032-60-0x0000000000350000-0x0000000000351000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1032-62-0x00000000006D0000-0x000000000070B000-memory.dmp
              Filesize

              236KB

              Download
            • memory/1032-63-0x0000000004EC0000-0x0000000004EC1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1032-64-0x00000000004D0000-0x00000000004DF000-memory.dmp
              Filesize

              60KB

              Download