Overview

overview

1

Static

static

10

805b92787c...in.exe

windows7_x64

1

805b92787c...in.exe

windows10_x64

1

Analysis

  • max time kernel
    119s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    09-11-2021 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    805b92787ca7833eef5e61e2df1310e4b6544955e812e60b5f834f904623fd9f.bin.exe

  • Size

    8.3MB

  • MD5

    aedebba95462e9db10b834551e3abc03

  • SHA1

    551c8f9200aa77d9bc94260a516522619016e2b7

  • SHA256

    805b92787ca7833eef5e61e2df1310e4b6544955e812e60b5f834f904623fd9f

  • SHA512

    e3928a34b18385ea8c43598bc13792b3f2d5b3f9cf0a2aa2b0bd0db666ad7e69d6cfdfb4d5dc07f086707156623462ce24432275a6d5bf08669478fe55954980

Score
1/10

Malware Config

Signatures

  • GoLang User-Agent 18 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\805b92787ca7833eef5e61e2df1310e4b6544955e812e60b5f834f904623fd9f.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\805b92787ca7833eef5e61e2df1310e4b6544955e812e60b5f834f904623fd9f.bin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:268
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c whoami
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1424
      • C:\Windows\SysWOW64\whoami.exe
        whoami
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/972-56-0x0000000000000000-mapping.dmp

    Download

  • memory/1424-55-0x0000000000000000-mapping.dmp

    Download