Overview

overview

10

Static

static

cb98930bce...37.exe

windows7-x64

1

cb98930bce...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2022 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb98930bce872134743d81a536af49d6d74f48d544b6eb86721595fff9f7be37.exe

  • Size

    808KB

  • MD5

    5fb94c5b4ca3090c9fcfa3eaf5a756dc

  • SHA1

    015c63e0150aa708991c0089329bf56ef32017b9

  • SHA256

    cb98930bce872134743d81a536af49d6d74f48d544b6eb86721595fff9f7be37

  • SHA512

    3df0f4af100b9c243325e7769002c025acd982a502cf27493e2de77fe6e442bb02204205a5f919f47f0899788aeb0f9c643292298b9685ee6639ffd6537635e1

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb98930bce872134743d81a536af49d6d74f48d544b6eb86721595fff9f7be37.exe
    "C:\Users\Admin\AppData\Local\Temp\cb98930bce872134743d81a536af49d6d74f48d544b6eb86721595fff9f7be37.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
      "Powershell.exe" -ExecutionPolicy UnRestricted -NoLogo [System.Reflection.Assembly]::Load([Convert]::FromBase64String([IO.File]::ReadAllText('C:\Users\Admin\NTUSER'))).EntryPoint.Invoke($null,$null);
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\NTUSER
    Filesize

    366KB

    MD5

    4540c574e2578a4c7e39cf3c4369aac0

    SHA1

    d485e7f49fa47b8f30fdc3520bbb0514f5ba0841

    SHA256

    f230a941b83faa844c96639bb2445089aae7493bc21c9b0d51e575269aa0307c

    SHA512

    7ed62fecbfd15cfa3bcba8a760ae2c4ebe1fe96122c908e949097d2778b6d4d178279ae9308153ce16c12670bdab4f33379b172a915f5b2e22ee0f1200a788d5

    Download Submit

  • memory/1816-56-0x0000000000000000-mapping.dmp

    Download

  • memory/1816-58-0x0000000073E30000-0x00000000743DB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1816-60-0x0000000073E30000-0x00000000743DB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2028-54-0x00000000008F0000-0x00000000009C2000-memory.dmp

    Filesize

    840KB

    Download

  • memory/2028-55-0x0000000076091000-0x0000000076093000-memory.dmp

    Filesize

    8KB

    Download