Overview

overview

10

Static

static

74ff711492...c6.exe

windows7_x64

10

74ff711492...c6.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe

  • Size

    754KB

  • MD5

    ca12eb7a1b83c0ab450644abf40a6b6c

  • SHA1

    d42c8a7c8b17e05fad9463ad7fb6cc87511e27b6

  • SHA256

    74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6

  • SHA512

    492d936d47c2bc60d15b1a367c1b63803ed0c9f06a4a3a0d09efedcc63d79c82794b1be43cec48a95232ee39d5ef1f62eb7e4c75a145f741cd32b92ce4591d64

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe
    "C:\Users\Admin\AppData\Local\Temp\74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3572
    • C:\Windows\SysWOW64\cmd.exe
      "cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe' & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3680
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe'
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1524-142-0x00000000077D0000-0x0000000007E4A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/1524-145-0x00000000064D0000-0x00000000064F2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1524-144-0x0000000007150000-0x00000000071E6000-memory.dmp

    Filesize

    600KB

    Download

  • memory/1524-138-0x00000000052C0000-0x00000000058E8000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/1524-143-0x0000000006400000-0x000000000641A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1524-141-0x0000000005F80000-0x0000000005F9E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1524-137-0x00000000025D0000-0x0000000002606000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1524-140-0x0000000004FF0000-0x0000000005056000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1524-139-0x0000000004F50000-0x0000000004F72000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3572-134-0x0000000005490000-0x0000000005522000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3572-131-0x00000000055C0000-0x0000000005B64000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3572-130-0x0000000000450000-0x0000000000512000-memory.dmp

    Filesize

    776KB

    Download

  • memory/3572-133-0x0000000005380000-0x00000000053E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3572-132-0x0000000004F00000-0x0000000004F9C000-memory.dmp

    Filesize

    624KB

    Download