Overview

overview

10

Static

static

10

06e47a3fb5...38.exe

windows7_x64

5

06e47a3fb5...38.exe

windows10-2004_x64

5

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    31-05-2022 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06e47a3fb5ee958414663409671d17b084450ebb73b665b5b218beff32c5df38.exe

  • Size

    4.0MB

  • MD5

    dd5e7b36032fedfaa18bd02059a3bc10

  • SHA1

    f4bf184ceda9830173b0196b77e13e6df57b25d5

  • SHA256

    06e47a3fb5ee958414663409671d17b084450ebb73b665b5b218beff32c5df38

  • SHA512

    04e7b8369057a3d49885d92cb166181f53d435c1ec0f2dae77d1d59531f13efda2c37831bb2df200f156a664edd38195cc4025490eb557a963f5da4e2b064685

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06e47a3fb5ee958414663409671d17b084450ebb73b665b5b218beff32c5df38.exe
    "C:\Users\Admin\AppData\Local\Temp\06e47a3fb5ee958414663409671d17b084450ebb73b665b5b218beff32c5df38.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "mofcomp C:\Windows\WBEM\msupdate.mof"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1012
      • C:\Windows\SysWOW64\Wbem\mofcomp.exe
        mofcomp C:\Windows\WBEM\msupdate.mof
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:816
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c whoami
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5084
      • C:\Windows\SysWOW64\whoami.exe
        whoami
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2440
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:5052

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\WBEM\msupdate.mof
      Filesize

      660B

      MD5

      b70ae3f71fade0488b8b0f3779179dcb

      SHA1

      bf54be0517821042c9137925e411f5522be7f7f9

      SHA256

      459304c4f49ea4b4bc798bb9cc9b1722fa1ffe47ac887e8d2666fddfcdb6030c

      SHA512

      f851d870e0d9d8639ca76e4eac3638f9bd1050186c1708583751eaefcaa6777e5eae8163b5c7fb2eb46944e365bdfc1e0abfbc9ab98858131b126e1488900ad6

      Download Submit
    • memory/816-131-0x0000000000000000-mapping.dmp
      Download
    • memory/1012-130-0x0000000000000000-mapping.dmp
      Download
    • memory/2440-134-0x0000000000000000-mapping.dmp
      Download
    • memory/5084-133-0x0000000000000000-mapping.dmp
      Download