Overview

overview

10

Static

static

8

c88f2ff5e0...49.exe

windows7_x64

1

c88f2ff5e0...49.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    17-04-2022 14:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49.exe

  • Size

    3.2MB

  • MD5

    9a3b8737a54ec78cd176fefa99845382

  • SHA1

    d5050cf9f103b4c4a2210079ce41e534548c73b0

  • SHA256

    c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49

  • SHA512

    06f77e46c757b63b75e1fca81725163d82b139b83105a8638010d1ed150509da54cdeff0f7562eef02dfe11347eee09023454e641fc94d50ac06793466becf16

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49.exe
    "C:\Users\Admin\AppData\Local\Temp\c88f2ff5e016aba6c9cfb9be8afe34daa5977bf26e91e1fcfac1594488dd7e49.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:292
    • \??\c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
      -ep bypass -noexit -f C:\Users\Admin\AppData\Local\Temp\get-points.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\get-points.ps1
    Filesize

    3.0MB

    MD5

    e4262f985f2c3b9284c46a4f74afe9c2

    SHA1

    59609e1ca8c1e55f3406706c4711b02b8122ec8f

    SHA256

    5fe9aa0f1785337e5e8d1912a0072b53c79316d856fa9dc37bfb5892f88fb8ae

    SHA512

    df88c2e2de879427e08c3a2110678abe1d855d10fad54ab6955198599496c789933028f331721244d09e1dd202d732d4b409efe09fc999a902fbed3b0b531ee0

    Download Submit

  • memory/296-54-0x0000000000000000-mapping.dmp

    Download

  • memory/296-55-0x000007FEFC521000-0x000007FEFC523000-memory.dmp

    Filesize

    8KB

    Download

  • memory/296-56-0x000007FEF4050000-0x000007FEF4BAD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/296-61-0x00000000025DB000-0x00000000025FA000-memory.dmp

    Filesize

    124KB

    Download

  • memory/296-60-0x00000000025D4000-0x00000000025D7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/296-59-0x00000000025D2000-0x00000000025D4000-memory.dmp

    Filesize

    8KB

    Download

  • memory/296-58-0x00000000025D0000-0x00000000025D2000-memory.dmp

    Filesize

    8KB

    Download