Overview

overview

7

Static

static

Mercurial.exe

windows7_x64

7

Mercurial.exe

windows10_x64

7

Analysis

  • max time kernel
    74s
  • max time network
    77s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    26-09-2021 21:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mercurial.exe

  • Size

    7.9MB

  • MD5

    8cad58c674edbe5bafe3a7f3b690e450

  • SHA1

    ba629864335ffef2a62808384087deb45342b755

  • SHA256

    7900f7e9e009679cb581de76d7535e55ec92ac7aca7074dbdb24c6e28baf7b0e

  • SHA512

    e0a5936c75920cd35e2ee96d7810c932a77a5cdc7752e75af660069ba88016cbb75dcd17fe944e86ecdd6083e1066dab4abb4ebd36bb019d81982cc39653a125

Score
7/10
spywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
    "C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Windows\system32\nslookup.exe
      nslookup -type=mx 154.61.71.13
      2⤵
        PID:368

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/368-114-0x0000000000000000-mapping.dmp

      Download