Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    31-01-2022 23:48

General

  • Target

    ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9.exe

  • Size

    79KB

  • MD5

    780a4c89ba8e4af56e557b7faf73b42b

  • SHA1

    d255716d5e2a6ce57ec07f13de38d2000dd3bb8d

  • SHA256

    ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9

  • SHA512

    37b66f2ba70cf1dd785fe21f49627e208c2c3d1f92bfc5b39882099109fbcb6822366d4a876062a8b66c0b4a9b9098333fc3b21792786be1f3ee2346a6e82800

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9.exe
    "C:\Users\Admin\AppData\Local\Temp\ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 116
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1952
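
The process tree above is the only behavioural evidence in this report: the sample (PID 1480) faults and Windows Error Reporting launches `WerFault.exe` from `SysWOW64` with `-p 1480`, the PID of the faulting process. The following is an added triage helper, not part of this sandbox report or its tooling, that turns that tree into a crash record: it pulls the `-p` value out of any WerFault command line, resolves it against the tree, and flags whether WerFault's parent PID agrees with it and whether the WOW64 copy of WerFault was used (which implies a 32-bit faulting process on this x64 image). The `explorer.exe` launcher row and the PID 1000 are assumed for completeness; the other PIDs and command lines are the ones on the page. The `-s` argument is not interpreted.

```python
import re
from typing import Dict, List

# Constructed process records in the shape of the report's process tree.
# PIDs and command lines for 1480 and 1952 are copied from the report; the
# explorer.exe row (pid 1000) is an assumed launcher, not from the report.
PROCESS_TREE = [
    {"pid": 1000, "ppid": 0,
     "cmd": r"C:\Windows\explorer.exe"},
    {"pid": 1480, "ppid": 1000,
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\ea6ced3730495e2231c1a755fcc1aefac7622ac4bd5e269b2a5996572acb42f9.exe"'},
    {"pid": 1952, "ppid": 1480,
     "cmd": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 116"},
]

# Matches a WerFault.exe invocation and captures the faulting PID given by -p.
# The -s value is an event/handle argument and is deliberately not parsed.
WERFAULT_RE = re.compile(r"(?i)\\WerFault\.exe\b.*?\s-p\s+(?P<pid>\d+)")


def find_crashes(tree: List[Dict]) -> List[Dict]:
    """Return one record per WerFault launch, linked to the faulting process."""
    by_pid = {p["pid"]: p for p in tree}
    crashes = []
    for proc in tree:
        m = WERFAULT_RE.search(proc["cmd"])
        if not m:
            continue
        faulting_pid = int(m.group("pid"))
        faulting = by_pid.get(faulting_pid)
        crashes.append({
            "werfault_pid": proc["pid"],
            "faulting_pid": faulting_pid,
            "faulting_cmd": faulting["cmd"] if faulting else None,
            # In this tree WerFault is a child of the crashing process, so its
            # ppid should equal the -p value; a mismatch deserves a closer look.
            "parent_matches": proc["ppid"] == faulting_pid,
            # SysWOW64\WerFault.exe is used for 32-bit processes on x64 Windows.
            "wow64": "syswow64" in proc["cmd"].lower(),
        })
    return crashes


if __name__ == "__main__":
    for c in find_crashes(PROCESS_TREE):
        print(f"WerFault {c['werfault_pid']} reported crash of PID "
              f"{c['faulting_pid']} (wow64={c['wow64']}, "
              f"parent_matches={c['parent_matches']}): {c['faulting_cmd']}")
```

On this report the helper yields a single record: WerFault 1952 for faulting PID 1480, parent PID consistent, WOW64 path. A crash this early with no network or file activity is why the score stays low; it says nothing about what the binary would do on a host where it does not fault.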

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1480-54-0x0000000074B21000-0x0000000074B23000-memory.dmp

    Filesize

    8KB

  • memory/1952-56-0x00000000003D0000-0x00000000003E6000-memory.dmp

    Filesize

    88KB
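
The dump names above encode the process ID, a sequence number and the start and end virtual addresses of the dumped region, so the listed file sizes can be cross-checked against the address range before anything is opened in a debugger. The block below is an added example, not code from this sandbox or its report; the name layout `<pid>-<seq>-<start>-<end>-memory.dmp` is inferred from the two names on the page rather than taken from any published format description. It parses each name, recomputes the region size, compares it with the reported size, and notes whether the region is 4 KiB page aligned.

```python
import re
from typing import Dict, List, Optional, Sequence, Tuple

# Dump names and reported sizes copied from the Downloads list above,
# embedded here so the check runs offline.
REPORTED_DUMPS: Sequence[Tuple[str, str]] = [
    ("memory/1480-54-0x0000000074B21000-0x0000000074B23000-memory.dmp", "8KB"),
    ("memory/1952-56-0x00000000003D0000-0x00000000003E6000-memory.dmp", "88KB"),
]

# Assumed layout: memory/<pid>-<seq>-<start>-<end>-memory.dmp. Inferred from
# the two names on the page, not from sandbox documentation.
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_dump_name(name: str) -> Optional[Dict]:
    """Split a dump file name into pid, sequence, start, end and region size."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def parse_size(text: str) -> int:
    """Turn a human-readable size such as '88KB' into bytes (1 KB = 1024 B)."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def check_dumps(entries: Sequence[Tuple[str, str]]) -> List[Dict]:
    """Compare each dump's reported size with the size implied by its name."""
    results = []
    for name, reported in entries:
        info = parse_dump_name(name)
        if info is None:
            results.append({"name": name, "ok": False, "reason": "unparsable name"})
            continue
        expected = parse_size(reported)
        info.update(
            name=name,
            reported=expected,
            ok=info["size"] == expected,
            page_aligned=(info["start"] % 0x1000 == 0 and info["end"] % 0x1000 == 0),
        )
        results.append(info)
    return results


if __name__ == "__main__":
    for r in check_dumps(REPORTED_DUMPS):
        print(f"pid {r.get('pid')} seq {r.get('seq')}: "
              f"{r.get('size')} bytes, ok={r['ok']}")
```

Both entries check out: `0x74B23000 - 0x74B21000` is 0x2000 (8192 bytes, the listed 8KB) and `0x3E6000 - 0x3D0000` is 0x16000 (90112 bytes, the listed 88KB), and both regions are page aligned. The first region belongs to the crashed sample (PID 1480) and the second to WerFault itself (PID 1952), so only the first is of interest when looking for the sample's own code.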