Overview

overview

6

Static

static

TT-3.exe

windows7_x64

6

TT-3.exe

windows10_x64

6

Analysis

  • max time kernel
    149s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    27-06-2021 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT-3.exe

  • Size

    4.9MB

  • MD5

    0b4ab2b8547d9d49b35788f9da74b439

  • SHA1

    7452326f93c8dc33695dee74e092aabcac462f3b

  • SHA256

    60e93179fdc24865d5d06c00a6280a224263def03b1d9b081b0edf972ed95ad1

  • SHA512

    89d6ca06231f9b9534d6938e1f698c06ee3ab594351940e2e5ec6b1a8079426bbccf20474a9808848885705627a80cf0511df76e4c5c0b8f56f2a09df3e9bb46

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TT-3.exe
    "C:\Users\Admin\AppData\Local\Temp\TT-3.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\AppData\Local\Temp\TT-3.exe
      C:\Users\Admin\AppData\Local\Temp\TT-3.exe
      2⤵
        PID:1032

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1032-69-0x0000000140000000-0x00000001407EA000-memory.dmp

      Filesize

      7.9MB

      Download

    • memory/1032-70-0x0000000140000000-mapping.dmp

      Download

    • memory/1912-59-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1912-61-0x00000000001C0000-0x00000000001C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1912-66-0x000000001C390000-0x000000001C392000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1912-67-0x0000000000820000-0x0000000000837000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1912-68-0x000000001C396000-0x000000001C3B5000-memory.dmp

      Filesize

      124KB

      Download