Overview

overview

10

Static

static

8

03ff897da4...b3.exe

windows7_x64

7

03ff897da4...b3.exe

windows10_x64

7

10493d98a6...41.exe

windows7_x64

7

10493d98a6...41.exe

windows10_x64

7

11747d3247...67.exe

windows7_x64

7

11747d3247...67.exe

windows10_x64

San11 Tc/D...eg.htm

windows7_x64

1

San11 Tc/D...eg.htm

windows10_x64

1

San11 Tc/DrvMgt.dll

windows7_x64

1

San11 Tc/DrvMgt.dll

windows10_x64

1

San11 Tc/L...es.exe

windows7_x64

1

San11 Tc/L...es.exe

windows10_x64

1

San11 Tc/S...er.exe

windows7_x64

1

San11 Tc/S...er.exe

windows10_x64

1

San11 Tc/S...er.exe

windows7_x64

1

San11 Tc/S...er.exe

windows10_x64

1

San11 Tc/S...YS.exe

windows7_x64

San11 Tc/S...YS.exe

windows10_x64

San11 Tc/San11.exe

windows7_x64

8

San11 Tc/San11.exe

windows10_x64

8

San11 Tc/san11pk.exe

windows7_x64

3

San11 Tc/san11pk.exe

windows10_x64

1

San11 Tc/�...��.exe

windows7_x64

3

San11 Tc/�...��.exe

windows10_x64

10

23c9e16cc6...7b.exe

windows7_x64

5

23c9e16cc6...7b.exe

windows10_x64

5

36a18ae31f...d0.exe

windows7_x64

7

36a18ae31f...d0.exe

windows10_x64

7

4109a062b3...d4.exe

windows7_x64

8

4109a062b3...d4.exe

windows10_x64

8

CW3.exe

windows7_x64

1

CW3.exe

windows10_x64

1

Analysis

  • max time kernel
    79s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    20-10-2021 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CW3.exe

  • Size

    15.4MB

  • MD5

    c67252dc22f8b34524d9fcc1256d738d

  • SHA1

    56917892ceae7df9056f12b419aa8c5eec3f1bae

  • SHA256

    e738a7ee12e2eafb48366e84f8cd089c4433d2a2223954f3642a1c71ce80e456

  • SHA512

    351877cc61e747b8b6c24e72a2d183024d6b2e3333be5c47f2efa3941cc2298f972e92d7367226cdf0841fec4ca53fdde3a067ae75b4f5521ef9c5d4feded672

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CW3.exe
    "C:\Users\Admin\AppData\Local\Temp\CW3.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2136

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2136-116-0x0000000004F90000-0x0000000005090000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2136-115-0x00000000049A0000-0x0000000004AA0000-memory.dmp
    Filesize

    1024KB

    Download