Overview

overview

10

Static

static

3ec948a979...31.exe

windows7_x64

10

3ec948a979...31.exe

windows10_x64

1

Analysis

  • max time kernel
    175s
  • max time network
    180s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    30-01-2022 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ec948a979dfde44911ced4666cfc7f445ffecdab2f8c9c8ac71ef8f99fd4131.exe

  • Size

    2.2MB

  • MD5

    e8d16b1b67ef52f774cd9a36323e3fad

  • SHA1

    d74cbffadc4f035d8a668dc11f7541b0092b46a6

  • SHA256

    3ec948a979dfde44911ced4666cfc7f445ffecdab2f8c9c8ac71ef8f99fd4131

  • SHA512

    f89f1121bd2fa6c39262d585d3108a649d22ca785511d4a8d7a12864927e1230dbad17d28632c624be87f2b14dbc3e1a3d15858548f710597d8466ee1cc7277e

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ec948a979dfde44911ced4666cfc7f445ffecdab2f8c9c8ac71ef8f99fd4131.exe
    "C:\Users\Admin\AppData\Local\Temp\3ec948a979dfde44911ced4666cfc7f445ffecdab2f8c9c8ac71ef8f99fd4131.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Users\Admin\AppData\Local\Temp\3ec948a979dfde44911ced4666cfc7f445ffecdab2f8c9c8ac71ef8f99fd4131.exe
      "C:\Users\Admin\AppData\Local\Temp\3ec948a979dfde44911ced4666cfc7f445ffecdab2f8c9c8ac71ef8f99fd4131.exe"
      2⤵
        PID:2232

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2424-115-0x0000000000190000-0x00000000003CA000-memory.dmp
      Filesize

      2.2MB

      Download
    • memory/2424-116-0x00000000050B0000-0x00000000050B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2424-117-0x0000000005160000-0x00000000051F2000-memory.dmp
      Filesize

      584KB

      Download
    • memory/2424-118-0x0000000005700000-0x0000000005BFE000-memory.dmp
      Filesize

      5.0MB

      Download
    • memory/2424-119-0x00000000050C0000-0x00000000050DC000-memory.dmp
      Filesize

      112KB

      Download
    • memory/2424-120-0x00000000052A0000-0x000000000533C000-memory.dmp
      Filesize

      624KB

      Download
    • memory/2424-121-0x0000000005F80000-0x000000000613A000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/2424-122-0x00000000093E0000-0x000000000955C000-memory.dmp
      Filesize

      1.5MB

      Download