Overview

overview

10

Static

static

d4e23f334c...1b.exe

windows7_x64

1

d4e23f334c...1b.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    39s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    17-04-2022 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4e23f334c0ff5630ad00e50022e77ca6b05defdddc0a8fde8d3725d83b4611b.exe

  • Size

    5.0MB

  • MD5

    dad016742692ade0afeb5a49aa446305

  • SHA1

    d9fd064eba67672aa036cfc65660deaa37af52b8

  • SHA256

    d4e23f334c0ff5630ad00e50022e77ca6b05defdddc0a8fde8d3725d83b4611b

  • SHA512

    fec50722d50b147cec0b6e0fb62f290113bcb1bf5723741a8a2d27ef5520f67db28ecff919956b140a7e17fdf74456f8d53255451ecaaf36f0230739884595e7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4e23f334c0ff5630ad00e50022e77ca6b05defdddc0a8fde8d3725d83b4611b.exe
    "C:\Users\Admin\AppData\Local\Temp\d4e23f334c0ff5630ad00e50022e77ca6b05defdddc0a8fde8d3725d83b4611b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1708
    • \??\c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
      -ep bypass -noexit -f C:\Users\Admin\AppData\Local\Temp\get-points.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\get-points.ps1
    Filesize

    3.0MB

    MD5

    fcfe7074bc99ba0617df95368adfdc45

    SHA1

    a3bd74b18730ee8d3c13b3ef7494e7eec37ee776

    SHA256

    5dfa18266f82dffe71977a6b2666535ead5d44e195bd5df24ba8db7e8b3df7f5

    SHA512

    bfc9d9b0dc0a070e99b597910301fa448784ec7f0130969de9ab7e208988159d9f9c6c805f1c458b211d7f90a37c51e958c675017e7434b39b006b066967bda9

    Download Submit

  • memory/892-55-0x000007FEFBE51000-0x000007FEFBE53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/892-56-0x000007FEF4150000-0x000007FEF4CAD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/892-57-0x00000000027D4000-0x00000000027D7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/892-58-0x000000001B770000-0x000000001BA6F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/892-60-0x00000000027DB000-0x00000000027FA000-memory.dmp

    Filesize

    124KB

    Download