Overview

overview

10

Static

static

10

oooo.exe

windows7_x64

5

oooo.exe

windows10_x64

10

Analysis

  • max time kernel
    127s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    21-10-2021 09:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    oooo.exe

  • Size

    164KB

  • MD5

    33f851f65f6b0b30c69cc8c113079565

  • SHA1

    a6dec10d7b33bf25d351f1d1a6ada52cbb7dcaf2

  • SHA256

    ee30bcf64cc2b2664a526d9bf03da79d2bcb3b9633783621642fcf3b5aecebd3

  • SHA512

    c4f323feadc237965cabd2ad2b33187ad120f32071b7dbd89d6e65e0cce7a3e7f9e8fa8d10923383d9dcd582238194a775bc59ec6a2cdfaf73a7c453d6ad23df

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1204
    • C:\Users\Admin\AppData\Local\Temp\oooo.exe
      "C:\Users\Admin\AppData\Local\Temp\oooo.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      PID:1572
    • C:\Windows\SysWOW64\autochk.exe
      "C:\Windows\SysWOW64\autochk.exe"
      2⤵
        PID:1904

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1204-56-0x0000000006040000-0x000000000614A000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/1204-58-0x0000000006DC0000-0x0000000006F2B000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1572-54-0x0000000000700000-0x0000000000A03000-memory.dmp
      Filesize

      3.0MB

      Download
    • memory/1572-55-0x0000000000310000-0x0000000000321000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1572-57-0x0000000000550000-0x0000000000561000-memory.dmp
      Filesize

      68KB

      Download