Analysis

  • max time kernel
    126s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    24-01-2022 00:46

General

  • Target

    eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe

  • Size

    164KB

  • MD5

    47a1e9b344b5844ca6ed47cfca2d1add

  • SHA1

    faa8ce757251a9dfbd2d210f348e50713c0dacee

  • SHA256

    eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b

  • SHA512

    70f4bdf37ddc8081bd75503618917e82824ffb39743a3ec1e2bd95b0c3231a408f639bb3f60711ee784044b8a24e912022894d717843f3c30c87c121c1ed8d27

Score
3/10 (low because the sample crashed: the only child process is WerFault.exe, PID 804, which is what raises the Program crash, EnumeratesProcesses, GetForegroundWindowSpam and AdjustPrivilegeToken signatures; the sample itself, PID 792, only triggers WriteProcessMemory)

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe
    "C:\Users\Admin\AppData\Local\Temp\eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:792
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 52
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:804
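The process tree above is the key evidence for reading this report: WerFault.exe was started with `-p 792`, i.e. to report a crash of the sample's own PID, and it is WerFault, not the sample, that carries most of the signatures. The following added example (not part of the sandbox report or the sandbox vendor's tooling) parses a constructed copy of the rendered Processes section, attributes each signature to its process, reads the crashed PID out of the WerFault command line, and checks that the target file name agrees with the SHA256 field. Field names such as `verdict` and `spawned_other_processes` are this example's own choices.

```python
"""Interpret a sandbox process tree: did the sample run, or did it crash?

Added example, not part of the sandbox report. PROCESS_TREE is a
constructed copy of the report's Processes section in its rendered
layout: a bullet with the image path, the command line, a depth marker
ending in the curved arrow, signature bullets, then a PID line.
"""
import re
from dataclasses import dataclass, field

BULLET = "•"       # list marker used by the rendered report
DEPTH_MARK = "⤵"   # suffix of the depth marker line ("1⤵", "2⤵", ...)

PROCESS_TREE = r"""
  • C:\Users\Admin\AppData\Local\Temp\eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe
    "C:\Users\Admin\AppData\Local\Temp\eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:792
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 52
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:804
"""


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: int = -1
    signatures: list = field(default_factory=list)


PATH_RE = re.compile(r"^[A-Za-z]:\\")            # bullet that starts a new process
PID_RE = re.compile(r"^PID:(\d+)$")
DEPTH_RE = re.compile(r"^(\d+)" + re.escape(DEPTH_MARK) + r"$")
WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)(?:\s|$)")  # WerFault's crashed-PID argument


def parse_tree(text):
    """Turn the rendered process list into Proc records, in report order."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BULLET):
            body = line[len(BULLET):].strip()
            if PATH_RE.match(body):          # a path bullet opens a new process
                cur = Proc(image=body)
                procs.append(cur)
            elif cur is not None:            # any other bullet is a signature
                cur.signatures.append(body)
            continue
        if cur is None:
            continue
        if (m := PID_RE.match(line)):
            cur.pid = int(m.group(1))
        elif (m := DEPTH_RE.match(line)):
            cur.depth = int(m.group(1))
        elif not cur.cmdline:                # first plain line is the command line
            cur.cmdline = line
    return procs


def crashed_pids(procs):
    """Map crashed PID -> WerFault PID, read from each WerFault '-p <pid>'."""
    out = {}
    for p in procs:
        if p.image.lower().endswith("\\werfault.exe"):
            m = WERFAULT_PID_RE.search(p.cmdline)
            if m:
                out[int(m.group(1))] = p.pid
    return out


def triage(procs):
    """Decide whether the root sample crashed and who owns each signature."""
    by_pid = {p.pid: p for p in procs}
    sample = next(p for p in procs if p.depth == 1)
    werfault = by_pid.get(crashed_pids(procs).get(sample.pid))
    others = [p for p in procs if p.depth > sample.depth and p is not werfault]
    return {
        "verdict": "crashed" if werfault else "ran",
        "sample_pid": sample.pid,
        "werfault_pid": werfault.pid if werfault else None,
        "sample_signatures": list(sample.signatures),
        "werfault_signatures": list(werfault.signatures) if werfault else [],
        "spawned_other_processes": bool(others),
    }


def target_name_matches_sha256(target, sha256):
    """Sandboxes often name the file by SHA-256; check the two fields agree."""
    stem = target.rsplit(".", 1)[0]
    return len(stem) == 64 and stem.lower() == sha256.lower()


if __name__ == "__main__":
    print(triage(parse_tree(PROCESS_TREE)))
```

A "crashed" verdict with no other child processes means the behavioural score says little about the sample's intent: the run should be repeated on another platform or with the dependencies the binary expects before the score is used as a benign signal.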

Network

MITRE ATT&CK Matrix

Downloads

  • memory/804-54-0x0000000075341000-0x0000000075343000-memory.dmp
    Filesize

    8KB

  • memory/804-55-0x0000000000590000-0x00000000005BC000-memory.dmp
    Filesize

    176KB