Overview

overview

10

Static

static

10

403990C6CB...81.exe

windows7_x64

7

403990C6CB...81.exe

windows10_x64

7

Analysis

  • max time kernel
    39s
  • max time network
    170s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    15-08-2021 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    403990C6CBB042F7C1F5E57177272F81.exe

  • Size

    1.3MB

  • MD5

    403990c6cbb042f7c1f5e57177272f81

  • SHA1

    ab9ef44ed7b93ecf7b6c43f23d75a3f2dc9d5a1b

  • SHA256

    42af92e5be37c1daddda7672372a39ccebb24d31d2ea65bec2a74dfbc3a4e82c

  • SHA512

    cb1adffb69f4ff6a62257325504cebc41d22f41910a41eae9c04ec5327da9f58fb652e79b87f580c7ac6f81f27cf2fba77b4fc3947b27dd59ae376f2d7c57ee5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\403990C6CBB042F7C1F5E57177272F81.exe
    "C:\Users\Admin\AppData\Local\Temp\403990C6CBB042F7C1F5E57177272F81.exe"
    1⤵
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2qtaranl.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE48A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCE47A.tmp"
        3⤵
          PID:1388

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/740-126-0x0000000002B89000-0x0000000002B8A000-memory.dmp

      Filesize

      4KB

      Download

    • memory/740-115-0x0000000002B80000-0x0000000002B82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/740-117-0x0000000002B84000-0x0000000002B85000-memory.dmp

      Filesize

      4KB

      Download

    • memory/740-127-0x0000000002B87000-0x0000000002B89000-memory.dmp

      Filesize

      8KB

      Download

    • memory/740-128-0x0000000002B8A000-0x0000000002B8F000-memory.dmp

      Filesize

      20KB

      Download

    • memory/740-129-0x000000001D862000-0x000000001D865000-memory.dmp

      Filesize

      12KB

      Download

    • memory/740-131-0x000000001D867000-0x000000001D868000-memory.dmp

      Filesize

      4KB

      Download

    • memory/740-130-0x000000001D868000-0x000000001D86A000-memory.dmp

      Filesize

      8KB

      Download

    • memory/740-132-0x000000001D86A000-0x000000001D86B000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-121-0x00000000022B0000-0x00000000022B2000-memory.dmp

      Filesize

      8KB

      Download