Overview

overview

10

Static

static

PO38562110.exe

windows7_x64

1

PO38562110.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    47s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO38562110.exe

  • Size

    936KB

  • MD5

    bbb0b33663055f506d0dc4fa382b6ef6

  • SHA1

    c97788c492ebd0f959f069ab5b6d341fb2fbcaa1

  • SHA256

    6077a9d47232d6bb6425891c5c71096e21e4f961fa4b882004c4574a23321ab9

  • SHA512

    d4adf010dd558fb0f6a70b09c675c636dbe70be04e1495dfd7b113b0975141e0e891c1723837c1bae114a327cc056718934196b6ea9843839c23f16f78a144b6

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO38562110.exe
    "C:\Users\Admin\AppData\Local\Temp\PO38562110.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Users\Admin\AppData\Local\Temp\PO38562110.exe
      "{path}"
      2⤵
        PID:1432
      • C:\Users\Admin\AppData\Local\Temp\PO38562110.exe
        "{path}"
        2⤵
          PID:2028
        • C:\Users\Admin\AppData\Local\Temp\PO38562110.exe
          "{path}"
          2⤵
            PID:1064
          • C:\Users\Admin\AppData\Local\Temp\PO38562110.exe
            "{path}"
            2⤵
              PID:1120
            • C:\Users\Admin\AppData\Local\Temp\PO38562110.exe
              "{path}"
              2⤵
                PID:1160

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/960-54-0x0000000000390000-0x0000000000480000-memory.dmp
              Filesize

              960KB

              Download
            • memory/960-55-0x0000000076571000-0x0000000076573000-memory.dmp
              Filesize

              8KB

              Download
            • memory/960-56-0x0000000000370000-0x000000000037A000-memory.dmp
              Filesize

              40KB

              Download
            • memory/960-57-0x00000000060C0000-0x0000000006184000-memory.dmp
              Filesize

              784KB

              Download
            • memory/960-58-0x000000000AAB0000-0x000000000AB72000-memory.dmp
              Filesize

              776KB

              Download