Overview

overview

10

Static

static

test.exe

windows7_x64

1

test.exe

windows10_x64

10

Analysis

  • max time kernel
    308s
  • max time network
    541s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    07-09-2021 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.exe

  • Size

    122KB

  • MD5

    8caff4cc2912c52106d9056a7db5eb2d

  • SHA1

    eee8742ac37e85e9c9b8a1d22477f080485ad9f9

  • SHA256

    cfc5adfc61d1f34802ac65a474ace9ffe5007f859b2062b2297a1f047da96bda

  • SHA512

    d3ba58afa9dc30ef354dd6e126092b5e0ea33e753c0d081a2895054446b5e9b28d5a7efdcc2c80be47b4deaf5bf3a7c5de6f985abd55d98e048d674b0444b63f

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test.exe
    "C:\Users\Admin\AppData\Local\Temp\test.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1400
    • C:\Users\Admin\AppData\Local\Temp\test.exe
      "C:\Users\Admin\AppData\Local\Temp\test.exe" /normal.priviledge
      2⤵
        PID:2708
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s seclogon
      1⤵
      • Suspicious use of NtCreateUserProcessOtherParentProcess
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2524

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2708-116-0x0000000000000000-mapping.dmp

      Download