Overview

overview

10

Static

static

8

4bd7686dfd...98.exe

windows7_x64

1

4bd7686dfd...98.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03-05-2022 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398.exe

  • Size

    3.2MB

  • MD5

    337e4fd5e423ee5e716ed7ee270bcd00

  • SHA1

    6390cf1f9b5a7e5dc3494d603c634e8b5c9b6233

  • SHA256

    4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398

  • SHA512

    e44814ffdfda11c7f2461b3ec8fa587bf2ca28b8f48b28a9bf103d5a3faf3e5293995c88e8e625eb71f856b5e5160f52ef011a5decd3acd4b1029aa63591e724

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398.exe
    "C:\Users\Admin\AppData\Local\Temp\4bd7686dfdc21d3763deecc2bb8a238eb1848fe8328411aabded29d08a529398.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1952
    • \??\c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
      -ep bypass -noexit -f C:\Users\Admin\AppData\Local\Temp\get-points.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\get-points.ps1
    Filesize

    3.0MB

    MD5

    031d92d079edd02c5f34248e9bf03ff6

    SHA1

    736e40d6cde2566fb5d976cb1d7172e6acb8bd12

    SHA256

    ab89298954e80cea1c73937cb628874832ab9d45c6d3be9dde40c4a4aae82ad2

    SHA512

    5bf6934556f451d35303e50e03b5a74a4b74d58b836f15c3cc3356b0b9e1a2bff6867153c63537f5fc942d346850bc9d2a34cf509d6c5b4d13d9021eefce39f5

    Download Submit
  • memory/1104-54-0x0000000000000000-mapping.dmp
    Download
  • memory/1104-55-0x000007FEFBF11000-0x000007FEFBF13000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1104-56-0x000007FEF3050000-0x000007FEF3BAD000-memory.dmp
    Filesize

    11.4MB

    Download
  • memory/1104-57-0x0000000002884000-0x0000000002887000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1104-58-0x000000001B790000-0x000000001BA8F000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1104-60-0x000000000288B000-0x00000000028AA000-memory.dmp
    Filesize

    124KB

    Download