Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    31-01-2022 23:51

General

  • Target

    0b3add1edb40d5164ee57e84f7462ee4ff3ef6da65b14ebb6b50b2222d45bc1c.exe

  • Size

    70KB

  • MD5

    a95e39d38e764abb019d4c9b08dbee67

  • SHA1

    e5e612f680fd17fb5cd4f2efc7ebd026ad169406

  • SHA256

    0b3add1edb40d5164ee57e84f7462ee4ff3ef6da65b14ebb6b50b2222d45bc1c

  • SHA512

    2f19f1471c4ad75ce109af9d5305232a33d5ac7423dcfffddbeb401e5cabb6f62586e27cec6e0e8770eb2822c6fc2275592fa25f3193198bfa26afa5f82a6e81

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b3add1edb40d5164ee57e84f7462ee4ff3ef6da65b14ebb6b50b2222d45bc1c.exe
    "C:\Users\Admin\AppData\Local\Temp\0b3add1edb40d5164ee57e84f7462ee4ff3ef6da65b14ebb6b50b2222d45bc1c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 36
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1116

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1116-55-0x0000000076511000-0x0000000076513000-memory.dmp

    Filesize

    8KB

  • memory/1116-56-0x0000000000810000-0x0000000000811000-memory.dmp

    Filesize

    4KB