Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    03-12-2021 17:52

General

  • Target

    1ac9a083e02365f726ee1e704ef5386e.exe

  • Size

    548KB

  • MD5

    1ac9a083e02365f726ee1e704ef5386e

  • SHA1

    4636a5f47b55eef6d39ae6e99e7b90b7bc0e6fd5

  • SHA256

    409d082509f1965c92e8be062f7dccb0b9af2458e720460658729468d44fef28

  • SHA512

    50780d01741b51cad36c661cf9282ba3b5994bd2660997edebafaae18cbc5099a8800b3ae6ca8e8dd2d897318744a87d979ccd6a1c6304ada5e78fc92daf44b7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ac9a083e02365f726ee1e704ef5386e.exe
    "C:\Users\Admin\AppData\Local\Temp\1ac9a083e02365f726ee1e704ef5386e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 672
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:612

Network

MITRE ATT&CK Matrix

Downloads

  • memory/612-61-0x0000000000000000-mapping.dmp
  • memory/612-62-0x0000000000380000-0x0000000000381000-memory.dmp (Filesize: 4KB)
  • memory/1628-55-0x00000000010B0000-0x00000000010B1000-memory.dmp (Filesize: 4KB)
  • memory/1628-57-0x0000000075901000-0x0000000075903000-memory.dmp (Filesize: 8KB)
  • memory/1628-58-0x0000000004DA0000-0x0000000004DA1000-memory.dmp (Filesize: 4KB)
  • memory/1628-59-0x0000000000680000-0x0000000000686000-memory.dmp (Filesize: 24KB)
  • memory/1628-60-0x0000000005BE0000-0x0000000005C5D000-memory.dmp (Filesize: 500KB)