Overview

overview

10

Static

static

BPL_1057230.exe

windows7_x64

10

BPL_1057230.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    149s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-06-2022 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BPL_1057230.exe

  • Size

    187KB

  • MD5

    72048fbaab48b29537a9b8b6af6bd37d

  • SHA1

    fb253b22ae678164dad4de1f8f472a1338c8582a

  • SHA256

    77053cffbf81fc755f5d119b907f63456ff18706a3274bf619315baf03411087

  • SHA512

    8909e498201a610020fd59e7bfc1340da71dc0ca8a4205adaba12151dd50a0cb0e88b0b358a361ecec5d6cefa5708bc7a19dea21e5b9d857d1057fce27640601

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BPL_1057230.exe
    "C:\Users\Admin\AppData\Local\Temp\BPL_1057230.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1572
      2⤵
      • Program crash
      PID:5020
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3416 -ip 3416
    1⤵
      PID:4244

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3416-130-0x0000000000E50000-0x0000000000E84000-memory.dmp

      Filesize

      208KB

      Download

    • memory/3416-131-0x0000000005E10000-0x00000000063B4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3416-132-0x0000000005860000-0x00000000058F2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3416-133-0x0000000005810000-0x000000000581A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3416-134-0x0000000007CD0000-0x0000000007D46000-memory.dmp

      Filesize

      472KB

      Download