Overview

overview

10

Static

static

IMG_6190.scr

windows7_x64

9

IMG_6190.scr

windows10-2004_x64

10

Analysis

  • max time kernel
    41s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 12:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IMG_6190.scr

  • Size

    732KB

  • MD5

    471c9316ed12a0bd184ac4b4f58a6c46

  • SHA1

    5e94a2f8fdfef1c75298e9b110419c7dc4075bbd

  • SHA256

    b1bbfa891537ee3acffe84ec8a7ebd4537170218372be4727d74c6c31ee4a546

  • SHA512

    32a3d4b514142f5204dfcb4dba5bfed6b2e177bd950024965a4f51bf9bcb1c617e73a61a28e3665f2e06e23dfe99a0f06e9d22e913db669f77e18934b0c6fe60

Score
9/10
rezer0

Malware Config

Signatures

  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr
    "C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr" /S
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr
      "C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr"
      2⤵
        PID:1760
      • C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr
        "C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr"
        2⤵
          PID:628
        • C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr
          "C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr"
          2⤵
            PID:1792
          • C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr
            "C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr"
            2⤵
              PID:1536
            • C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr
              "C:\Users\Admin\AppData\Local\Temp\IMG_6190.scr"
              2⤵
                PID:1524

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1368-54-0x00000000001D0000-0x000000000028E000-memory.dmp
              Filesize

              760KB

              Download
            • memory/1368-55-0x0000000076171000-0x0000000076173000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1368-56-0x0000000000670000-0x0000000000678000-memory.dmp
              Filesize

              32KB

              Download
            • memory/1368-57-0x0000000005180000-0x000000000522E000-memory.dmp
              Filesize

              696KB

              Download