Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    12-02-2022 06:25

General

  • Target

    100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe

  • Size

    100KB

  • MD5

    84727567570b152ed8715ebec503c40f

  • SHA1

    3b49ada75b343beb2a252efdac01d6c5a6f64a11

  • SHA256

    100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a

  • SHA512

    adb1a8ece00fcc867a3483d21535432b8dd69f580125590baec33180bf69f0c2e17c173816f708c5902a1a1432381a6850fb7dfdca573741b6ded9121eedac60

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe
    "C:\Users\Admin\AppData\Local\Temp\100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 120
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1032
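
The only notable activity in this tree is the sample crashing and Windows Error Reporting picking it up, so the first triage question is whether the WerFault invocation really belongs to the submitted sample (PID 1592) rather than to some child it spawned. The following script is an added example, not part of the sandbox's output or of any tool it uses: it parses a Tria.ge-style process list (constructed here from the entries above), resolves parents from the depth markers, reads the crashed PID from WerFault's `-p` switch (the `-s` value is treated as a WER event/handle number, an assumption, not a PID), and confirms that the crashed image's file name matches the sample's SHA256.

```python
"""Triage a sandbox process tree whose only notable event is a crash of the
submitted sample handled by WerFault.exe (added example, not sandbox code)."""
import re
from typing import Optional

# Constructed from the Processes section of this report: (depth, pid, command line).
PROCESS_TREE = [
    (1, 1592, r'"C:\Users\Admin\AppData\Local\Temp\100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe"'),
    (2, 1032, r'C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 120'),
]
SAMPLE_SHA256 = "100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a"

# WerFault names the crashed process with -p <pid>; -s carries a WER event/handle
# value (assumed here, and in any case not a PID).
_WERFAULT_RE = re.compile(r'WerFault\.exe\b.*?-p\s+(\d+)', re.IGNORECASE)


def image_path(cmdline: str) -> str:
    """Return the executable path from a command line (quoted or bare form)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def werfault_target_pid(cmdline: str) -> Optional[int]:
    """PID of the crashed process named by WerFault's -p switch, or None if the
    command line is not a WerFault invocation."""
    m = _WERFAULT_RE.search(cmdline)
    return int(m.group(1)) if m else None


def resolve_parents(tree):
    """Map each pid to its parent pid using the 1, 2, ... depth markers."""
    parents, stack = {}, []
    for depth, pid, _ in tree:
        del stack[depth - 1:]           # pop back to the level above this entry
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def triage_crashes(tree, sample_sha256: str):
    """One finding per WerFault process: which process crashed, whether it was
    the submitted sample, and whether WerFault was spawned by the crasher."""
    by_pid = {pid: cmd for _, pid, cmd in tree}
    parents = resolve_parents(tree)
    root_pid = tree[0][1]               # the sample is the root of the tree
    findings = []
    for _, pid, cmd in tree:
        target = werfault_target_pid(cmd)
        if target is None:
            continue
        crashed_image = image_path(by_pid.get(target, ""))
        # Sandboxes name the dropped file after its SHA256; compare the stem.
        stem = crashed_image.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        findings.append({
            "werfault_pid": pid,
            "crashed_pid": target,
            "crashed_image": crashed_image,
            "crashed_is_sample": target == root_pid and stem == sample_sha256.lower(),
            "spawned_by_crasher": parents.get(pid) == target,
        })
    return findings


if __name__ == "__main__":
    for finding in triage_crashes(PROCESS_TREE, SAMPLE_SHA256):
        print(finding)
```

For this report the single finding says the crashed process is the sample itself and that WerFault is its direct child, which is why the only signatures present are the crash plus the routine process enumeration, privilege adjustment and foreground-window polling that WerFault performs while collecting the dump; the low score reflects that the sample never got far enough to show its own behaviour on this Windows 7 x64 image.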

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1032-56-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

  • memory/1592-54-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB