Overview

overview

10

Static

static

e02e5c6a19...64.exe

windows7_x64

10

e02e5c6a19...64.exe

windows10_x64

10

Analysis

  • max time kernel
    108s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    21-10-2021 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264.exe

  • Size

    190KB

  • MD5

    c8b959ef2d758a41a5f152f69c92d925

  • SHA1

    d7075192df45409fc111d642d861ce52a45cb2b1

  • SHA256

    e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264

  • SHA512

    d4717d0f74a7aec1e103c5152c49fee597366326578524b9adb5428dcd18112bfa10185a6e31d3070f8a9fce4d36daed0ee3be402987e7a29458cbcceecc42ea

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata
  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata
  • Downloads MZ/PE file
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264.exe
    "C:\Users\Admin\AppData\Local\Temp\e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3488
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
      2⤵
        PID:1524

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3488-118-0x0000000000610000-0x0000000000611000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3488-120-0x0000000000E60000-0x0000000000E62000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3488-121-0x0000000000B70000-0x0000000000B7A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/3488-122-0x0000000000B80000-0x0000000000B81000-memory.dmp
      Filesize

      4KB

      Download