Overview

overview

7

Static

static

A.Fawzy @a...ed.exe

windows7-x64

7

A.Fawzy @a...ed.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    35s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2022 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A.Fawzy @a_b8o_protected.exe

  • Size

    1.7MB

  • MD5

    f4512da807b988310eb2756230e30944

  • SHA1

    0e4d64f83f207961576592c081dd0476e287a0ef

  • SHA256

    f380744407f3c94931f72c8b3a0a884438eb08d77c96995be6dd0147fcf855bc

  • SHA512

    2e6e3850e87803de3fbe666e3fa9f669c19c65a0a352b7fc3c4f9a03036fa03cde2d48f76926164d0628868d442810f57166967fb89829846212d322aff11709

  • SSDEEP

    24576:hQ9u98/1Xx+nuiSgGKTdQ+iptzZDYudLDd+b1Me3kKL6M20RaIvuonXh:kITdQ+ipDcRMe3L6Mr97x

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\A.Fawzy @a_b8o_protected.exe
    "C:\Users\Admin\AppData\Local\Temp\A.Fawzy @a_b8o_protected.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1408
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 2328
      2⤵
      • Program crash
      PID:4360
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1408 -ip 1408
    1⤵
      PID:4844

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\d.dll
      Filesize

      124KB

      MD5

      86517901ec66f1fadc9ce6facaea9e31

      SHA1

      9ba130c485b2f59b7b11458b06792d6346bcdc91

      SHA256

      3b576950cff4d67a724f8df9d0db1f3f3195f54aca0cae86e9dc928cc0be022c

      SHA512

      bdffd3784a4d4ce9f58c60dade510f06d67943475a9bb01a38e89e57486b299d7e2cd35cf22f1d295bdb3ea854c6563e4774c15fdf2726f1f9c5b10f13f5df2f

      Download Submit
    • memory/1408-132-0x0000000005040000-0x00000000050DC000-memory.dmp
      Filesize

      624KB

      Download
    • memory/1408-133-0x00000000052D0000-0x0000000005362000-memory.dmp
      Filesize

      584KB

      Download
    • memory/1408-135-0x0000000006710000-0x0000000006CB4000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/1408-136-0x0000000006E80000-0x0000000006E8A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/1408-137-0x0000000007070000-0x00000000070C6000-memory.dmp
      Filesize

      344KB

      Download