Overview

overview

10

Static

static

T.exe

windows7_x64

1

T.exe

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    19-10-2021 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    T.exe

  • Size

    443KB

  • MD5

    1c27ee819a947bdd8c1af79c7214cb58

  • SHA1

    12d9fa922346b4f85675ce66a591ce4527b27ad1

  • SHA256

    d23a0a7b5858a8eb226c84fa74633b5d1e369b9a126c98b5d716e2e861efff77

  • SHA512

    d748b198acd8857a1854f3005b9699b297fb4760d7c59add57681ac88d403ad34eeccba9db9fff08090004415c311211c371aa28505a5d5bf1bdc8177587015e

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\T.exe
    "C:\Users\Admin\AppData\Local\Temp\T.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\Temp\T.exe
      "C:\Users\Admin\AppData\Local\Temp\T.exe"
      2⤵
        PID:772
      • C:\Users\Admin\AppData\Local\Temp\T.exe
        "C:\Users\Admin\AppData\Local\Temp\T.exe"
        2⤵
          PID:516
        • C:\Users\Admin\AppData\Local\Temp\T.exe
          "C:\Users\Admin\AppData\Local\Temp\T.exe"
          2⤵
            PID:720
          • C:\Users\Admin\AppData\Local\Temp\T.exe
            "C:\Users\Admin\AppData\Local\Temp\T.exe"
            2⤵
              PID:1284
            • C:\Users\Admin\AppData\Local\Temp\T.exe
              "C:\Users\Admin\AppData\Local\Temp\T.exe"
              2⤵
                PID:384

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1544-53-0x0000000000390000-0x0000000000391000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1544-55-0x0000000074B91000-0x0000000074B93000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1544-56-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1544-57-0x00000000005B0000-0x00000000005B5000-memory.dmp
              Filesize

              20KB

              Download
            • memory/1544-58-0x00000000056D0000-0x0000000005738000-memory.dmp
              Filesize

              416KB

              Download