Overview

overview

10

Static

static

8

00d5e412b5...ee.exe

windows7_x64

1

00d5e412b5...ee.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    56s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 15:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee.exe

  • Size

    3.2MB

  • MD5

    92a57e8a84eb3be8af9c64753c30781b

  • SHA1

    bd0717580833a366d3c2b4f8b368095714c4c98d

  • SHA256

    00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee

  • SHA512

    dd3bcb529dfaab3470c62ee263cef66a3675cd3375d6f8b043b67f2a22564f86d0318c4fc79ad87e0579d2ceff93677745fecdab926141d5687ee3b5cb5753c2

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee.exe
    "C:\Users\Admin\AppData\Local\Temp\00d5e412b5291821d1d494e993d6df45002cdedb9c750e4133f73ec6a67653ee.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1044
    • \??\c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
      -ep bypass -noexit -f C:\Users\Admin\AppData\Local\Temp\get-points.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\get-points.ps1
    Filesize

    3.0MB

    MD5

    4cbfa161c9ce114d4b772988ef9f8255

    SHA1

    28178e575804a3c97434bca53111cab82546be38

    SHA256

    ef297ff9ad64d966e8c977fd8272523f69e73309ed6886b33a8e6e5801e49610

    SHA512

    d89b9eed47c5396983a7b08999b925d105414f9d7aedbcdfb3a2f081eb7f326838a56221883ce3f68b376172c7339878f3a9b24e601cc002be7887ae91371496

    Download Submit

  • memory/1100-54-0x0000000000000000-mapping.dmp

    Download

  • memory/1100-55-0x000007FEFC3E1000-0x000007FEFC3E3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1100-57-0x0000000002754000-0x0000000002757000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1100-56-0x000007FEF3DB0000-0x000007FEF490D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1100-58-0x000000001B760000-0x000000001BA5F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1100-60-0x000000000275B000-0x000000000277A000-memory.dmp

    Filesize

    124KB

    Download