Overview

overview

10

Static

static

835fce14e9...3b.exe

windows7-x64

10

835fce14e9...3b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2022 14:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    835fce14e9e8a1024d0a220442bb7d48a0db8730317c84e91bde48cb6ee0603b.exe

  • Size

    678KB

  • MD5

    2aee32c7d122a76eb0aeb622c0fd63a1

  • SHA1

    85fe028305d01afff1885cf977121b3dd7b7207f

  • SHA256

    835fce14e9e8a1024d0a220442bb7d48a0db8730317c84e91bde48cb6ee0603b

  • SHA512

    e12fd3e866c823a995d0736a64a7063a2eee9e9d7cafd9fc5559165d952b098c944c48413d8a28a87d22fdab71490c90697752cdadaa5f7cdb78747ee18f12dc

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 3 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in System32 directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\835fce14e9e8a1024d0a220442bb7d48a0db8730317c84e91bde48cb6ee0603b.exe
    "C:\Users\Admin\AppData\Local\Temp\835fce14e9e8a1024d0a220442bb7d48a0db8730317c84e91bde48cb6ee0603b.exe"
    1⤵
    • UAC bypass
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • System policy modification
    PID:1752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:1592

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1752-54-0x00000000049D0000-0x0000000004A78000-memory.dmp

      Filesize

      672KB

      Download

    • memory/1752-55-0x0000000004840000-0x00000000048E8000-memory.dmp

      Filesize

      672KB

      Download

    • memory/1752-56-0x00000000757E1000-0x00000000757E3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1752-57-0x00000000048EA000-0x00000000048FB000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1752-58-0x00000000048EA000-0x00000000048FB000-memory.dmp

      Filesize

      68KB

      Download