Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    28-01-2022 21:13

General

  • Target

    498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e.exe

  • Size

    170KB

  • MD5

    e0a5d9e9cf600b37eb836aee07906566

  • SHA1

    583aebb976132afd18dd32ed46e14f58eb0ae1b9

  • SHA256

    498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e

  • SHA512

    3544a290acab84a485770ed336b10ca8697b64356d80923533ea5f5c7c27912ff30ef181f67bce761cb366719e3073d98715cd00db72058e38ae4e592269c7af
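Before detonating or sharing a sample, confirm that the file in hand is the one this report describes. The following is an added example (not part of the report or of any sandbox's own tooling): it reads the file once, feeds every chunk to all four hash objects the report lists, and returns the digests that disagree with the report. The `REPORT_DIGESTS` values are copied from the table above; `ABC_DIGESTS` are the standard published test vectors for the three-byte input `abc`, included only so the check can be exercised offline.

```python
"""Verify a sample against the digests in a sandbox report (added example)."""
import hashlib
import io

# Digests copied from the report above (lowercase hex).
REPORT_DIGESTS = {
    "md5": "e0a5d9e9cf600b37eb836aee07906566",
    "sha1": "583aebb976132afd18dd32ed46e14f58eb0ae1b9",
    "sha256": "498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e",
    "sha512": "3544a290acab84a485770ed336b10ca8697b64356d80923533ea5f5c7c27912f"
              "f30ef181f67bce761cb366719e3073d98715cd00db72058e38ae4e592269c7af",
}

# Standard test vectors for the input b"abc", used here only to exercise the check.
ABC_DIGESTS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
}


def digest_stream(stream, algorithms, chunk_size=1 << 16):
    """Read the stream once and return (byte count, {algorithm: hexdigest})."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def verify_stream(stream, expected):
    """Return {algorithm: (expected, actual)} for every digest that disagrees.

    An empty dict means the sample matches the report on all listed algorithms.
    """
    _, actual = digest_stream(stream, expected.keys())
    return {
        name: (want.lower(), actual[name])
        for name, want in expected.items()
        if want.lower() != actual[name]
    }


def verify_bytes(data, expected):
    """Convenience wrapper for in-memory data (used by the offline check)."""
    return verify_stream(io.BytesIO(data), expected)


def verify_file(path, expected=REPORT_DIGESTS):
    """Verify a file on disk against the report's digests."""
    with open(path, "rb") as f:
        return verify_stream(f, expected)


if __name__ == "__main__":
    # Offline self-check with the published "abc" vectors: no mismatches expected.
    print("abc mismatches:", verify_bytes(b"abc", ABC_DIGESTS))
    # Against the report's digests, "abc" of course fails on all four.
    print("report mismatches:", sorted(verify_bytes(b"abc", REPORT_DIGESTS)))
```

Call `verify_file("/path/to/sample.exe")` on the real file; any non-empty result means you are not looking at the sample this report analysed, regardless of the filename.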

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e.exe
    "C:\Users\Admin\AppData\Local\Temp\498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e.exe"
    depth 1
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Users\Admin\AppData\Local\Temp\498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e.exe
      C:\Users\Admin\AppData\Local\Temp\498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e.exe
      depth 2 (child of PID 1068, same image path)
      PID:332
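The tree above is the shape an analyst learns to recognise: the sample launches a second copy of itself (PID 1068 spawns PID 332 from the same image path) and the parent is the process credited with SetThreadContext and WriteProcessMemory. Seen together from an API trace, that is what process hollowing looks like, but the report only labels the calls "suspicious" and scores the sample 5/10, so treat it as a candidate to confirm from the memory dumps rather than a verdict. The detector below is an added example, not the sandbox's own logic. Its process list mirrors the report's tree, but the event trace is constructed: the `CreateProcessW` and `ResumeThread` events, the call counts, the launcher PID 1000 and the notepad.exe control process are all hypothetical and not taken from the report.

```python
"""Flag parent-spawns-child-then-injects pairs in an API trace (added example)."""
from collections import defaultdict

IMAGE = r"C:\Users\Admin\AppData\Local\Temp\498fd1c4cb16f39974555d6e596fcea6c7da73f9f0f30f57fdc8177fc3feaa4e.exe"

# Constructed process table, pid -> {image, parent}. 1068/332 mirror the report's
# tree; PID 1000 (launcher) and PID 2500 (notepad.exe) are hypothetical controls.
PROCESSES = {
    1068: {"image": IMAGE, "parent": 1000},
    332:  {"image": IMAGE, "parent": 1068},
    2500: {"image": r"C:\Windows\System32\notepad.exe", "parent": 1000},
}

# Constructed API-call trace as (caller pid, API, target pid). Not the report's
# own call log; counts and the Create/Resume calls are assumptions.
EVENTS = [
    (1068, "CreateProcessW", 332),
    (1068, "WriteProcessMemory", 332),
    (1068, "WriteProcessMemory", 332),
    (1068, "SetThreadContext", 332),
    (1068, "ResumeThread", 332),
    (2500, "WriteProcessMemory", 2500),   # a process writing to itself: not cross-process
    (1000, "WriteProcessMemory", 2500),   # write without SetThreadContext: not the pattern
]

# Both must be present, from the same caller, against the same child.
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext"}


def find_hollowing_candidates(processes, events):
    """Return one record per (parent, child) pair where the parent both wrote
    into the child and replaced a thread context in it.

    Cross-process calls are grouped by (caller, target); a pair qualifies only
    if the caller is the child's recorded parent, which separates hollowing a
    freshly created child from injection into an unrelated process.
    """
    cross_calls = defaultdict(set)
    for caller, api, target in events:
        if caller != target and target in processes:
            cross_calls[(caller, target)].add(api)

    hits = []
    for (caller, target), apis in sorted(cross_calls.items()):
        if not HOLLOWING_APIS <= apis:
            continue
        child = processes[target]
        if child["parent"] != caller:
            continue
        parent_image = processes.get(caller, {}).get("image", "")
        hits.append({
            "parent": caller,
            "child": target,
            "image": child["image"],
            # Same image path as the parent: the self-spawn seen in the report.
            "self_spawn": parent_image.lower() == child["image"].lower(),
            "apis": sorted(apis),
        })
    return hits


if __name__ == "__main__":
    for hit in find_hollowing_candidates(PROCESSES, EVENTS):
        print(f"candidate: PID {hit['parent']} -> PID {hit['child']} "
              f"self_spawn={hit['self_spawn']} apis={hit['apis']}")
```

The `self_spawn` flag is the cheap discriminator in practice: legitimate tooling that uses WriteProcessMemory (debuggers, some installers) rarely does so against a suspended copy of its own executable. Feeding the function a real Sysmon or ETW-derived trace only requires mapping events to the same `(caller, api, target)` triples.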

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1068-54-0x00000000751B1000-0x00000000751B3000-memory.dmp

    Filesize

    8KB

  • memory/1068-55-0x0000000002030000-0x0000000002031000-memory.dmp

    Filesize

    4KB