Overview

overview

6

Static

static

TT-3.exe

windows7_x64

6

TT-3.exe

windows10_x64

6

Analysis

  • max time kernel
    28s
  • max time network
    120s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    27-06-2021 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT-3.exe

  • Size

    4.9MB

  • MD5

    0b4ab2b8547d9d49b35788f9da74b439

  • SHA1

    7452326f93c8dc33695dee74e092aabcac462f3b

  • SHA256

    60e93179fdc24865d5d06c00a6280a224263def03b1d9b081b0edf972ed95ad1

  • SHA512

    89d6ca06231f9b9534d6938e1f698c06ee3ab594351940e2e5ec6b1a8079426bbccf20474a9808848885705627a80cf0511df76e4c5c0b8f56f2a09df3e9bb46

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TT-3.exe
    "C:\Users\Admin\AppData\Local\Temp\TT-3.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Users\Admin\AppData\Local\Temp\TT-3.exe
      C:\Users\Admin\AppData\Local\Temp\TT-3.exe
      2⤵
        PID:2816

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TT-3.exe.log
      MD5

      b06e5d6c8214be4608b8c198376f0eee

      SHA1

      6e0c6c98db308abd93600784b99a9fecbcdf3925

      SHA256

      d771781af6b667b92e20d3e59fd0a470faeb137cb1bfb463b53c8c7c35514adb

      SHA512

      65992a063a9b22582251c346fc458ff3da87a8f1165285ba1e2f5abbb2c646a9f8c4a67307d0000254654406dbb48aec13bfc68d6bfddab5028822fd2a0842c3

      Download Submit

    • memory/808-114-0x0000000000620000-0x0000000000621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/808-116-0x00000000012F0000-0x00000000012F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/808-121-0x00000000014D0000-0x00000000014D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/808-122-0x0000000001370000-0x0000000001387000-memory.dmp

      Filesize

      92KB

      Download

    • memory/808-124-0x00000000014D4000-0x00000000014D6000-memory.dmp

      Filesize

      8KB

      Download

    • memory/808-123-0x00000000014D2000-0x00000000014D4000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2816-125-0x0000000140000000-0x00000001407EA000-memory.dmp

      Filesize

      7.9MB

      Download

    • memory/2816-126-0x0000000140000000-mapping.dmp

      Download