Analysis

  • max time kernel
    146s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    07-12-2021 10:48

General

  • Target
    a3f88b358aeb96f7d3cce152c6ef88f5.exe
  • Size
    596KB
  • MD5
    a3f88b358aeb96f7d3cce152c6ef88f5
  • SHA1
    71f1ace1dbdfdf252a6353e137e76003ef0c1b73
  • SHA256
    cabaec74ffa9d9e52b03f48c8ff2c3e87c98aa39c032c7f82385c3b11f5d0025
  • SHA512
    ac8a39a6544d709c12711558ed2acbf4961e74ac791fe817c05b90c1078c68b3ce87abf79236054cebdae2fd53833faaeca213b2c7a006667123d47684f9848c

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3f88b358aeb96f7d3cce152c6ef88f5.exe
    "C:\Users\Admin\AppData\Local\Temp\a3f88b358aeb96f7d3cce152c6ef88f5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 664
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1248

Network

MITRE ATT&CK Matrix

Downloads

  • memory/844-55-0x0000000000100000-0x0000000000101000-memory.dmp
    Filesize: 4KB
  • memory/844-57-0x00000000758F1000-0x00000000758F3000-memory.dmp
    Filesize: 8KB
  • memory/844-58-0x0000000000310000-0x0000000000318000-memory.dmp
    Filesize: 32KB
  • memory/844-59-0x00000000047D0000-0x00000000047D1000-memory.dmp
    Filesize: 4KB
  • memory/844-60-0x0000000004F30000-0x0000000004FAE000-memory.dmp
    Filesize: 504KB
  • memory/1248-61-0x0000000000000000-mapping.dmp
  • memory/1248-62-0x0000000000530000-0x0000000000531000-memory.dmp
    Filesize: 4KB