Overview

overview

10

Static

static

8

107fjr24.exe

windows7_x64

3

107fjr24.exe

windows10_x64

3

109fjr24.exe

windows7_x64

3

109fjr24.exe

windows10_x64

3

121fjr24.exe

windows7_x64

3

121fjr24.exe

windows10_x64

3

127fjr24.exe

windows7_x64

3

127fjr24.exe

windows10_x64

3

85fjr24.exe

windows7_x64

3

85fjr24.exe

windows10_x64

3

DDos

linux_mips

Rat.exe

windows7_x64

10

Rat.exe

windows10_x64

10

SB360.exe

windows7_x64

9

SB360.exe

windows10_x64

9

Server.exe

windows7_x64

9

Server.exe

windows10_x64

9

Servor.exe

windows7_x64

9

Servor.exe

windows10_x64

9

Sesrver.exe

windows7_x64

1

Sesrver.exe

windows10_x64

1

assvkl.exe

windows7_x64

1

assvkl.exe

windows10_x64

1

bm.exe

windows7_x64

8

bm.exe

windows10_x64

3

cafe.exe

windows7_x64

8

cafe.exe

windows10_x64

8

dqfjr24.exe

windows7_x64

3

dqfjr24.exe

windows10_x64

3

knmbr.exe

windows7_x64

1

knmbr.exe

windows10_x64

1

muzzo.exe

windows7_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-01-2022 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    121fjr24.exe

  • Size

    141KB

  • MD5

    96ef5bf4508b298d0c3be338e6578482

  • SHA1

    6c69382beb07e2a55a71e2ae8960e1e0839cad8f

  • SHA256

    04774a86cde968bcde830d2871d41341129a696f67a3bc99395cf08b29bb6cca

  • SHA512

    c4a7e948a35a4ca7df81784aa090c140f287c837e897c94f8b6f8946ba7c4a04f8917de1249070cb207dad07b3fe9a821231bbf05feb6c222c5a0c2dea00e404

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\121fjr24.exe
    "C:\Users\Admin\AppData\Local\Temp\121fjr24.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\SysWOW64\explorer.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:332
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 232
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/332-55-0x0000000000080000-0x0000000000081000-memory.dmp
    Filesize

    4KB

    Download
  • memory/332-56-0x0000000000090000-0x0000000000094000-memory.dmp
    Filesize

    16KB

    Download
  • memory/332-57-0x00000000000A0000-0x00000000000A3000-memory.dmp
    Filesize

    12KB

    Download
  • memory/332-63-0x0000000074631000-0x0000000074633000-memory.dmp
    Filesize

    8KB

    Download
  • memory/332-64-0x00000000000B0000-0x00000000000B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/616-66-0x0000000000210000-0x00000000002DC000-memory.dmp
    Filesize

    816KB

    Download
  • memory/1404-54-0x0000000074F01000-0x0000000074F03000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1404-59-0x0000000000230000-0x0000000000234000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1404-61-0x0000000000250000-0x0000000000254000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1404-62-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download