Analysis

  • max time kernel
    41s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 01:52

General

  • Target

    SCTB38 NEW782.exe

  • Size

    1.0MB

  • MD5

    18b6f9b159d93570f9ace705a62a9fad

  • SHA1

    82f75eeef6e25500f517faf6f561057e63ea3a63

  • SHA256

    48c124e7d628adaa322470af51fdee8a965faf61bdfbc4c2b143dcf57d52be1a

  • SHA512

    d836b883425d6c8567eb0876a67525aca3ac6a33c0b7d2a72ef76bf6f0bf71594fdb2c71d6b18f5eeb607c1b3cd334876ae5d2906fa456d6b8d2c6e498696e39

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe
    "C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe
      "{path}"
      2⤵
      PID:1068
    • C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe
      "{path}"
      2⤵
      PID:1144
    • C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe
      "{path}"
      2⤵
      PID:1696
    • C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe
      "{path}"
      2⤵
      PID:2036
    • C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe
      "{path}"
      2⤵
      PID:2000

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1048-54-0x00000000003C0000-0x00000000004CA000-memory.dmp

    Filesize

    1.0MB

  • memory/1048-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

    Filesize

    8KB

  • memory/1048-56-0x00000000005F0000-0x00000000005FC000-memory.dmp

    Filesize

    48KB

  • memory/1048-57-0x0000000005BF0000-0x0000000005CD4000-memory.dmp

    Filesize

    912KB

  • memory/1048-58-0x0000000008130000-0x0000000008210000-memory.dmp

    Filesize

    896KB
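The following is an added worked example, not part of the sandbox report and not code from the sandbox vendor. It takes the two machine-readable parts of this report, the process tree (a parent flagged for WriteProcessMemory that spawns five copies of its own image, none of which show any behaviour of their own) and the memory-dump names under Downloads, and does the two checks an analyst would do by hand: recompute each dump's region size from the address range encoded in its file name and confirm it matches the listed Filesize, and flag the "self-spawn plus WriteProcessMemory" shape in the tree. The parent/child relationships are taken from the tree nesting, the 1 MiB on-disk size is an assumption derived from the rounded "1.0MB" figure, and reading the tree shape as a hollowing/RunPE-style injection attempt is an interpretation, not something the report states.

```python
import re

# Constructed from the report: the five memory-dump names under Downloads.
DUMP_NAMES = [
    "memory/1048-54-0x00000000003C0000-0x00000000004CA000-memory.dmp",
    "memory/1048-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp",
    "memory/1048-56-0x00000000005F0000-0x00000000005FC000-memory.dmp",
    "memory/1048-57-0x0000000005BF0000-0x0000000005CD4000-memory.dmp",
    "memory/1048-58-0x0000000008130000-0x0000000008210000-memory.dmp",
]

# Constructed from the report's process tree. ppid of each child is taken from
# the tree nesting (all five sit under PID 1048); the signature names are the
# ones the report attaches to each node (the children carry none).
IMAGE = r"C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe"
PROCESSES = [
    {"pid": 1048, "ppid": None, "image": IMAGE,
     "signatures": {"EnumeratesProcesses", "AdjustPrivilegeToken", "WriteProcessMemory"}},
    {"pid": 1068, "ppid": 1048, "image": IMAGE, "signatures": set()},
    {"pid": 1144, "ppid": 1048, "image": IMAGE, "signatures": set()},
    {"pid": 1696, "ppid": 1048, "image": IMAGE, "signatures": set()},
    {"pid": 2036, "ppid": 1048, "image": IMAGE, "signatures": set()},
    {"pid": 2000, "ppid": 1048, "image": IMAGE, "signatures": set()},
]

# Dump name layout as it appears on the page: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return pid, index, start, end and byte size for one dump file name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(nbytes):
    """Render a byte count the way the report does: whole KB below 1 MiB, one decimal MB above."""
    if nbytes >= 1 << 20:
        return f"{nbytes / (1 << 20):.1f}MB"
    return f"{nbytes // 1024}KB"


def flag_self_spawn_with_memory_writes(processes):
    """Flag a process that calls WriteProcessMemory and spawns copies of its own image.

    This is the shape a hollowing / RunPE-style injection attempt leaves in a
    process tree (assumption: the report does not name a technique). It is a
    lead for the analyst, not a verdict."""
    flagged = []
    for p in processes:
        same_image_children = [
            c["pid"] for c in processes
            if c["ppid"] == p["pid"] and c["image"].lower() == p["image"].lower()
        ]
        if "WriteProcessMemory" in p["signatures"] and same_image_children:
            flagged.append({"pid": p["pid"], "children": same_image_children})
    return flagged


def dumps_matching_file_size(names, file_size_bytes, tolerance=0.05):
    """Return dumps whose region size is within `tolerance` of the on-disk file size.

    Such a region is the first candidate for the sample's own mapped image
    (assumption; confirm by checking the dump for an MZ/PE header)."""
    hits = []
    for n in names:
        d = parse_dump_name(n)
        if abs(d["size"] - file_size_bytes) <= tolerance * file_size_bytes:
            hits.append(n)
    return hits


if __name__ == "__main__":
    for n in DUMP_NAMES:
        d = parse_dump_name(n)
        print(f"pid {d['pid']} #{d['index']}: 0x{d['start']:08X}-0x{d['end']:08X}  {human_size(d['size'])}")
    print(flag_self_spawn_with_memory_writes(PROCESSES))
    # The report only gives the rounded "1.0MB", so 1 MiB is an assumed on-disk size.
    print(dumps_matching_file_size(DUMP_NAMES, 1 << 20))
```

Recomputing the sizes from the address ranges gives 1.0MB, 8KB, 48KB, 912KB and 896KB, matching the listed Filesize values, and only the first region (0x3C0000 to 0x4CA000, PID 1048) is close to the sample's on-disk size, which makes it the dump to open first when looking for the loaded image. The tree check returns PID 1048 with its five same-image children, which, together with the children showing no signatures of their own and the 1/10 score, is consistent with injection attempts that did not progress in this run; the sandbox output alone does not establish that.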