Analysis

  • max time kernel
    111s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    16-06-2021 12:37

General

  • Target

    3072193fbb271c8400b427bfd22ac936.exe

  • Size

    214KB

  • MD5

    3072193fbb271c8400b427bfd22ac936

  • SHA1

    be521f536e9766c6faf840315c9bedab8501b023

  • SHA256

    d696d93b0b75d1fcd1c14fddc65cbbd7fb96bf706a04a608174d9828b1e344da

  • SHA512

    0e704c1fbb4b55d8d78edaa4b051d6188c27f6d1b44ebc14b755ea86e7f53b80bdba931926aa14e5419794475d017c0d36318c81ea52ace6220eca210cd8b877

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3072193fbb271c8400b427bfd22ac936.exe
    "C:\Users\Admin\AppData\Local\Temp\3072193fbb271c8400b427bfd22ac936.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1012
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 516
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2044

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1012-60-0x00000000757E1000-0x00000000757E3000-memory.dmp

    Filesize

    8KB

  • memory/1012-61-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

  • memory/2044-62-0x0000000000000000-mapping.dmp

  • memory/2044-64-0x0000000000520000-0x000000000055C000-memory.dmp

    Filesize

    240KB
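A practitioner reading the process tree above should notice that the only child of the sample is dw20.exe from the v2.0.50727 framework directory: that binary is the .NET Error Reporting Shim, and the CLR launches it with "-x -s <handle>" when a managed application dies on an unhandled exception. The sample therefore crashed almost immediately, which is consistent with the 1/10 score, the empty Network section, and the fact that the signatures are mostly noise from the crash path (the shim's GetForegroundWindowSpam, the sample's own AdjustPrivilegeToken and WriteProcessMemory during startup). The memory dumps under Downloads carry their address ranges in the file name, so their declared sizes can be cross-checked. The script below is an added example, not part of the sandbox report or the analysis platform; it parses the report's Processes and Downloads text as quoted above (constructed inline from this page), pairs each dw20.exe -x shim with the process one level above it in the tree, and verifies that every dump's address range matches its declared size. The text layout it expects (path line, command line, depth marker, signature bullets, PID line) is an assumption taken from this page and may differ on other reports.

```python
import re
from dataclasses import dataclass, field

# Process tree copied from the Processes section of this report (constructed input).
PROCESS_TREE = r"""
  • C:\Users\Admin\AppData\Local\Temp\3072193fbb271c8400b427bfd22ac936.exe
    "C:\Users\Admin\AppData\Local\Temp\3072193fbb271c8400b427bfd22ac936.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1012
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 516
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2044
"""

# (dump name, declared size) pairs copied from the Downloads section (constructed input).
DUMP_ENTRIES = [
    ("memory/1012-60-0x00000000757E1000-0x00000000757E3000-memory.dmp", "8KB"),
    ("memory/1012-61-0x00000000000F0000-0x00000000000F1000-memory.dmp", "4KB"),
    ("memory/2044-62-0x0000000000000000-mapping.dmp", ""),
    ("memory/2044-64-0x0000000000520000-0x000000000055C000-memory.dmp", "240KB"),
]


@dataclass
class Proc:
    path: str
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    signatures: list = field(default_factory=list)


PATH_RE = re.compile(r"^[A-Za-z]:\\")          # "C:\..." starts a new process entry
DEPTH_RE = re.compile(r"^(\d+)\s*⤵?$")         # "1⤵" gives the nesting level
PID_RE = re.compile(r"^PID:\s*(\d+)$")         # "PID:1012" closes the entry


def parse_process_tree(text):
    """Turn the report's Processes block into a flat list of Proc in tree order."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # drop bullets and indentation
        if not line:
            continue
        if cur is None:
            if PATH_RE.match(line):
                cur = Proc(path=line)
            continue
        if not cur.cmdline:                      # line after the path is the command line
            cur.cmdline = line
        elif (m := DEPTH_RE.match(line)):
            cur.depth = int(m.group(1))
        elif (m := PID_RE.match(line)):
            cur.pid = int(m.group(1))
            procs.append(cur)
            cur = None
        else:                                    # anything else is a signature hit
            cur.signatures.append(line)
    return procs


def find_crash_handlers(procs):
    """Pair each .NET error-reporting shim (dw20.exe -x) with the process it reports on.

    The parent is the nearest earlier entry one level shallower in the tree.
    Returns a list of (crashed_pid, shim_pid)."""
    hits = []
    for i, p in enumerate(procs):
        exe = p.path.rsplit("\\", 1)[-1].lower()
        if exe == "dw20.exe" and "-x" in p.cmdline.split():
            parent = next((q for q in reversed(procs[:i]) if q.depth == p.depth - 1), None)
            hits.append((parent.pid if parent else None, p.pid))
    return hits


DUMP_RE = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
SIZE_RE = re.compile(r"^(\d+)\s*([KMG]?B)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def check_dump_sizes(entries):
    """For each region dump, compare end-start from the name with the declared size.

    Mapping dumps carry no address range and are skipped.
    Returns a list of (name, region_bytes, matches_declared)."""
    out = []
    for name, size in entries:
        m = DUMP_RE.search(name)
        if not m:
            continue
        start, end = int(m.group(2), 16), int(m.group(3), 16)
        num, unit = SIZE_RE.match(size.strip()).groups()
        region = end - start
        out.append((name, region, region == int(num) * UNITS[unit]))
    return out


if __name__ == "__main__":
    procs = parse_process_tree(PROCESS_TREE)
    for p in procs:
        print(f"{'  ' * (p.depth - 1)}PID {p.pid}: {p.cmdline}  [{len(p.signatures)} signature hits]")
    for crashed, shim in find_crash_handlers(procs):
        print(f"PID {crashed} raised an unhandled .NET exception; reporting shim is PID {shim}")
    for name, nbytes, ok in check_dump_sizes(DUMP_ENTRIES):
        print(f"{name}: {nbytes} bytes, {'matches' if ok else 'DOES NOT match'} declared size")
```

On this report the script pairs PID 1012 with the shim at PID 2044 and confirms all three region dumps (8KB, 4KB, 240KB) match their address ranges; a mismatch would indicate a truncated or mislabeled dump worth re-requesting before spending time on it in a disassembler.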