Overview

overview

10

Static

static

8r9tVWwqo5U1Myj.exe

windows7_x64

1

8r9tVWwqo5U1Myj.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    45s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8r9tVWwqo5U1Myj.exe

  • Size

    774KB

  • MD5

    da562b863edb03d976b5ba170ecb2961

  • SHA1

    561696a793ce3ef7f39ca1045a034dd08ec3e7f1

  • SHA256

    f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4

  • SHA512

    41a7a86f71851e0a5ef6244fd33b25108209d6c0477a00b56539a2773ab497dca5c34dda693a8bf77ab3355b48c8096c6eff51be577a468a754cfa87bdbdbfa4

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
    "C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:288
    • C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
      "{path}"
      2⤵
        PID:1948
      • C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
        "{path}"
        2⤵
          PID:900
        • C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
          "{path}"
          2⤵
            PID:1944
          • C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
            "{path}"
            2⤵
              PID:892
            • C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
              "{path}"
              2⤵
                PID:840

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/288-54-0x0000000075391000-0x0000000075393000-memory.dmp

              Filesize

              8KB

              Download

            • memory/288-55-0x0000000074AD0000-0x000000007507B000-memory.dmp

              Filesize

              5.7MB

              Download