Overview

overview

1

Static

static

ConsoleApp...n1.exe

windows7-x64

1

ConsoleApp...n1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    35s
  • max time network
    40s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-09-2022 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ConsoleApplication1.exe

  • Size

    65KB

  • MD5

    8284edeebeeb7c24ebfcd2f5fc08f78a

  • SHA1

    67c770cd9acbd217ab6e7ef1a5d7a80567b027c1

  • SHA256

    438e253ee8c1f199ccabeea03e2e2362a6980d74ed8ee107f0ffe742429395d8

  • SHA512

    0ab528941804dbbc58f630908f509d8bde9a5f158de4e912d3e16b38504d3512a83b32d80146b6a92827f4e22950f8c2146fee4b96d74e253e23a823db55388b

  • SSDEEP

    384:mindA+iaAdluS3FkeTraQ0yXH6osIMDit69ThL3HmxvwyQfB1HBGcLzR9A69XnOD:LdtU1f4y3rZSLXmxvwzB7jzR9A691m

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ConsoleApplication1.exe
    "C:\Users\Admin\AppData\Local\Temp\ConsoleApplication1.exe"
    1⤵
      PID:860
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:752
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4156

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/752-133-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-135-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-134-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-136-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-137-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-138-0x00007FF7F2860000-0x00007FF7F2870000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-139-0x00007FF7F2860000-0x00007FF7F2870000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-141-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-142-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-143-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/752-144-0x00007FF7F5170000-0x00007FF7F5180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/860-132-0x00007FF625860000-0x00007FF625887000-memory.dmp

        Filesize

        156KB

        Download