Analysis
-
max time kernel
19s -
max time network
119s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
09-06-2021 16:49
General
-
Target
sample.exe
-
Size
41KB
-
MD5
b580c140a245f68291f7d4159272beeb
-
SHA1
96d61bb4105f2a331bb3d7b733d77666286e8954
-
SHA256
291dd93ff5ffd7c8c108767855b77b3a1fbae2755cc650b884f42e1903884041
-
SHA512
5241380c3613e11de37c2125de09b80933b4bd2e8a1def667fd035bea3f0a7c5e5d7707d940fea8d7e4aab1030fac0c03318e84717ba2feccfad7f01b0b1e676
Score
10/10
Malware Config
Extracted
Credentials
Protocol: smtp- Host:
mail.cock.li - Port:
587 - Username:
SendServerInfo@hitler.rocks - Password:
jesuscrypt
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\sample.exe"C:\Users\Admin\AppData\Local\Temp\sample.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 17242⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 17402⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/624-114-0x0000000000C90000-0x0000000000C91000-memory.dmpFilesize
4KB
-
memory/624-116-0x0000000005B70000-0x0000000005B71000-memory.dmpFilesize
4KB
-
memory/624-117-0x0000000005530000-0x0000000005531000-memory.dmpFilesize
4KB
-
memory/624-118-0x0000000005670000-0x0000000005B6E000-memory.dmpFilesize
5.0MB
-
memory/624-119-0x0000000005770000-0x0000000005771000-memory.dmpFilesize
4KB