Analysis

  • max time kernel
    19s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    20-02-2022 04:57

General

  • Target

    884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe

  • Size

    124KB

  • MD5

    3925ae7df3328773be923f74d70555e3

  • SHA1

    948af4614e8ff150fbe0bc38f40806b457acaf3a

  • SHA256

    884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5

  • SHA512

    1eb06c442f6c63d7f5908a57ec57852678820349385e8e77aa0baaa584e6bb2dca59c0e2d4529734f9108e298d245e755202b70461cc1e6402ef37cc7d3d942d

Score
1/10

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    PID: 2340
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    PID: 3268
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
    PID: 2872
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    PID: 2416
    • C:\Users\Admin\AppData\Local\Temp\884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe
      "C:\Users\Admin\AppData\Local\Temp\884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe"
      PID: 3904
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
  • C:\Windows\system32\taskhostw.exe
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    PID: 2476
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    PID: 2380

Downloads

  • memory/2340-130-0x00007FF6DB290000-0x00007FF6DB611000-memory.dmp
    Filesize
    3.5MB