Overview

overview

10

Static

static

040c97d88d...4a.exe

windows7_x64

3

040c97d88d...4a.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    07-12-2021 10:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    040c97d88d85a6125f0d00bc5173f94a.exe

  • Size

    600KB

  • MD5

    040c97d88d85a6125f0d00bc5173f94a

  • SHA1

    7d6f268c252f97a004f2b123aed5b8bafbf43350

  • SHA256

    1a2eb9acfe8bb06d2b0e8e5124bbc123d4aeffacc0d129c7d9a2c36be3786b76

  • SHA512

    5401f2e0e88db389746012d5f1041540b5f6ba1f64c09e8d945a1a41100de459c73c7a401a4ef982403a5613dd9d72ca9a4dd1cd6004fa7eb264791c2a47f0b7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\040c97d88d85a6125f0d00bc5173f94a.exe
    "C:\Users\Admin\AppData\Local\Temp\040c97d88d85a6125f0d00bc5173f94a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 664
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/544-61-0x0000000000000000-mapping.dmp
    Download
  • memory/544-62-0x0000000000410000-0x0000000000411000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1100-55-0x0000000001020000-0x0000000001021000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1100-57-0x00000000768A1000-0x00000000768A3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1100-58-0x0000000004BC0000-0x0000000004BC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1100-59-0x00000000003B0000-0x00000000003B8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1100-60-0x0000000004FE0000-0x000000000505B000-memory.dmp
    Filesize

    492KB

    Download