Overview

overview

10

Static

static

10

3211d985ee...4d.exe

windows7_x64

7

3211d985ee...4d.exe

windows10_x64

7

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    19-12-2021 01:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3211d985ee354287b4e9d8c65147004d.exe

  • Size

    106KB

  • MD5

    3211d985ee354287b4e9d8c65147004d

  • SHA1

    c90a48a6f3ef9b46c3678ea5788f3f3fa7169724

  • SHA256

    450f58cd4e9bbf4d678f1665b953cdb43ab6cd71e533c24596df5bfd42b9345e

  • SHA512

    81b85364de8e611fc051a5c4cad2a7821b1d0eee11b2e52cfbb9c45f2b8f43191fb2e9b58f9591a8c43e84140255b777ffb3d23a9a0631dc010d4a5663919ce4

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\3211d985ee354287b4e9d8c65147004d.exe
    "C:\Users\Admin\AppData\Local\Temp\3211d985ee354287b4e9d8c65147004d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3932

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3932-115-0x0000000000620000-0x0000000000621000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-117-0x00000000054C0000-0x00000000054C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-118-0x0000000004F60000-0x0000000004F61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-119-0x0000000005090000-0x0000000005091000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-120-0x0000000004EB0000-0x00000000054B6000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3932-121-0x0000000004FF0000-0x0000000004FF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-122-0x0000000005030000-0x0000000005031000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-123-0x0000000005320000-0x0000000005321000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-124-0x0000000005AD0000-0x0000000005AD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-125-0x0000000006070000-0x0000000006071000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-126-0x0000000005440000-0x0000000005441000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-127-0x0000000005EF0000-0x0000000005EF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-128-0x0000000006840000-0x0000000006841000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-129-0x0000000006CA0000-0x0000000006CA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3932-130-0x00000000073A0000-0x00000000073A1000-memory.dmp
    Filesize

    4KB

    Download