Overview

overview

10

Static

static

10

bf37527c52...46.exe

windows7_x64

3

bf37527c52...46.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    118s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    15-02-2022 20:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146.exe

  • Size

    341KB

  • MD5

    268104622c89c7a922ae0972b94f45e1

  • SHA1

    dce92981da80ea6884155206f4923e4635feaabd

  • SHA256

    bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146

  • SHA512

    27a01c7f7f00533d60d5bd54523a14fefbe96f1f824e5c20d44ba547d74aeb8791b2169a41f183c026cc2ec39576d0b4e612d2d85a030e3ff9c5af42ecc34811

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146.exe
    "C:\Users\Admin\AppData\Local\Temp\bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 36
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/320-54-0x0000000075F21000-0x0000000075F23000-memory.dmp

    Filesize

    8KB

    Download

  • memory/320-55-0x0000000000460000-0x0000000000461000-memory.dmp

    Filesize

    4KB

    Download