Analysis

  • max time kernel: 118s
  • max time network: 130s
  • platform: windows7_x64
  • resource: win7-en-20211208
  • submitted: 28-01-2022 18:57

General

  • Target: add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe
  • Size: 137KB
  • MD5: d40a530582e67ed1e8f7fa46cd4049d6
  • SHA1: be823739d4107ba476b0474c3ec2b2ba9e27e974
  • SHA256: add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb
  • SHA512: 11125b959af3918ce0f46e08325706ae6c9a380019b93fa548f102c3d0aa32dbb9a37f285f8754785dc067a24fc311f6454187c9fcb2d39439aadbf5854178a6

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe (PID 980, level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\WerFault.exe (PID 1916, level 2, child of PID 980)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 180
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • memory/980-54-0x0000000075F21000-0x0000000075F23000-memory.dmp
    Filesize: 8KB
  • memory/1916-56-0x0000000000430000-0x0000000000490000-memory.dmp
    Filesize: 384KB
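The dump names in the Downloads list carry the PID and the start and end address of the dumped region, so the listed Filesize can be recomputed from the name and the PID can be tied back to the process tree; the WerFault command line's -p argument likewise names the process it reported on. The Python below is an added example, not part of the report or of the sandbox's own tooling: it assumes the naming scheme memory/<pid>-<index>-<start>-<end>-memory.dmp, which is inferred from the two entries above rather than documented anywhere on this page, and its sample data is constructed from the values shown in this report.

```python
import re

# Constructed input: the two memory-dump entries and the sizes listed for them
# on the report above.
REPORTED_DUMPS = [
    ("memory/980-54-0x0000000075F21000-0x0000000075F23000-memory.dmp", "8KB"),
    ("memory/1916-56-0x0000000000430000-0x0000000000490000-memory.dmp", "384KB"),
]

# Constructed from the report's process tree: PID -> image path.
PROCESS_TREE = {
    980: r"C:\Users\Admin\AppData\Local\Temp\add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb.exe",
    1916: r"C:\Windows\SysWOW64\WerFault.exe",
}

# The WerFault command line exactly as shown in the report.
WERFAULT_CMDLINE = r"C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 180"

# Assumption: dump names follow memory/<pid>-<index>-<start>-<end>-memory.dmp.
# Inferred from the two entries above; the report does not document the scheme.
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)

SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_dump_name(name):
    """Split a dump filename into PID, index and the [start, end) address range."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {
        "pid": int(m["pid"]),
        "index": int(m["index"]),
        "start": start,
        "end": end,
        "length": end - start,
    }


def parse_size(text):
    """Convert a size such as '8KB' or '384KB' to bytes (1KB = 1024 bytes)."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KMG]?B)\s*", text.upper())
    if m is None:
        raise ValueError(f"unrecognised size: {text}")
    return int(float(m.group(1)) * SIZE_UNITS[m.group(2)])


def werfault_target_pid(cmdline):
    """Return the PID given to WerFault's -p switch, or None if it is absent."""
    m = re.search(r"(?:^|\s)-p\s+(\d+)(?:\s|$)", cmdline)
    return int(m.group(1)) if m else None


def check_dumps(dumps, process_tree):
    """Cross-check each dump against its listed size and the process tree.

    Returns one dict per dump with the parsed fields plus two booleans:
    size_ok - the address-range length equals the reported Filesize
    pid_ok  - the PID in the name appears in the process tree
    """
    results = []
    for name, size_text in dumps:
        info = parse_dump_name(name)
        info["name"] = name
        info["size_ok"] = info["length"] == parse_size(size_text)
        info["pid_ok"] = info["pid"] in process_tree
        info["image"] = process_tree.get(info["pid"])
        results.append(info)
    return results


if __name__ == "__main__":
    for r in check_dumps(REPORTED_DUMPS, PROCESS_TREE):
        print(f"{r['name']}: pid={r['pid']} range=0x{r['start']:X}-0x{r['end']:X} "
              f"len={r['length']} size_ok={r['size_ok']} pid_ok={r['pid_ok']}")
    crashed = werfault_target_pid(WERFAULT_CMDLINE)
    print(f"WerFault reported on PID {crashed} ({PROCESS_TREE.get(crashed)})")
```

For this report both ranges agree with the listed sizes (0x2000 bytes is 8KB, 0x60000 bytes is 384KB), both PIDs are present in the process tree, and WerFault's -p value is the parent sample's PID, which is consistent with the "Program crash" signature being attributed to that process.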