Overview

overview

10

Static

static

be336ff807...a8.exe

windows7_x64

10

be336ff807...a8.exe

windows10-2004_x64

4

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    12-02-2022 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be336ff807ecd120dca270ee1fae0b2284d2d112d6f1ed9baa875824146befa8.exe

  • Size

    401KB

  • MD5

    a9fa01f0aa6c18a5520e918303a91a10

  • SHA1

    3f5ef40bfb1181c2944e8fa4ff44215c0831789c

  • SHA256

    be336ff807ecd120dca270ee1fae0b2284d2d112d6f1ed9baa875824146befa8

  • SHA512

    b008c6532ca8e93fc379b21aec4939133dfa1b289f4876a50d3c9f456d0391177ab5f4445cf642dc184eb0bd959e739a6d697950427077be914acbb5cf644ffc

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be336ff807ecd120dca270ee1fae0b2284d2d112d6f1ed9baa875824146befa8.exe
    "C:\Users\Admin\AppData\Local\Temp\be336ff807ecd120dca270ee1fae0b2284d2d112d6f1ed9baa875824146befa8.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3164
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3368
  • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
    C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3164-140-0x0000000004EE2000-0x0000000004EE3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3164-141-0x0000000004EE3000-0x0000000004EE4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3164-146-0x0000000004EE4000-0x0000000004EE6000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3164-134-0x0000000000508000-0x0000000000534000-memory.dmp
    Filesize

    176KB

    Download
  • memory/3164-145-0x00000000028A0000-0x00000000028DC000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3164-136-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/3164-144-0x0000000004D30000-0x0000000004E3A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/3164-137-0x0000000074FEE000-0x0000000074FEF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3164-135-0x0000000002220000-0x0000000002259000-memory.dmp
    Filesize

    228KB

    Download
  • memory/3164-139-0x0000000004EE0000-0x0000000004EE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3164-138-0x0000000004EF0000-0x0000000005494000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/3164-142-0x00000000054A0000-0x0000000005AB8000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/3164-143-0x0000000002770000-0x0000000002782000-memory.dmp
    Filesize

    72KB

    Download
  • memory/3368-131-0x0000020388970000-0x0000020388980000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3368-130-0x00000203881A0000-0x00000203881B0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3368-132-0x000002038B580000-0x000002038B584000-memory.dmp
    Filesize

    16KB

    Download