Overview

overview

10

Static

static

9dea50450a...c3.exe

windows7_x64

1

9dea50450a...c3.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    28s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    17-04-2022 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9dea50450a6840d3be1898060406c4082c2ae3e808bf26d72baf5560118182c3.exe

  • Size

    5.0MB

  • MD5

    e1a8986ee83e069db5911cf5f97ae45e

  • SHA1

    24aea95b64acd33ab88a7495a3dcca6d3111cb67

  • SHA256

    9dea50450a6840d3be1898060406c4082c2ae3e808bf26d72baf5560118182c3

  • SHA512

    5550bf83089cf36fe174aaa814fc185bd0152d9f813f9a645778f380f97d1b8fb66f0de38c0187fa563edb6cbb7864667dd43a479f4ae59be95c26dfef0507b1

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dea50450a6840d3be1898060406c4082c2ae3e808bf26d72baf5560118182c3.exe
    "C:\Users\Admin\AppData\Local\Temp\9dea50450a6840d3be1898060406c4082c2ae3e808bf26d72baf5560118182c3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • \??\c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
      -ep bypass -noexit -f C:\Users\Admin\AppData\Local\Temp\get-points.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\get-points.ps1
    Filesize

    3.0MB

    MD5

    4cbfa161c9ce114d4b772988ef9f8255

    SHA1

    28178e575804a3c97434bca53111cab82546be38

    SHA256

    ef297ff9ad64d966e8c977fd8272523f69e73309ed6886b33a8e6e5801e49610

    SHA512

    d89b9eed47c5396983a7b08999b925d105414f9d7aedbcdfb3a2f081eb7f326838a56221883ce3f68b376172c7339878f3a9b24e601cc002be7887ae91371496

    Download Submit
  • memory/1228-54-0x0000000000000000-mapping.dmp
    Download
  • memory/1228-55-0x000007FEFBF91000-0x000007FEFBF93000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1228-56-0x000007FEF3A70000-0x000007FEF45CD000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1228-59-0x0000000002642000-0x0000000002644000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1228-61-0x000000000264B000-0x000000000266A000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1228-60-0x0000000002644000-0x0000000002647000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1228-58-0x0000000002640000-0x0000000002642000-memory.dmp
    Filesize

    8KB

    Download