Overview

overview

7

Static

static

3

SAS4Tool.exe

windows7-x64

7

SAS4Tool.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    38s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-09-2022 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SAS4Tool.exe

  • Size

    21.3MB

  • MD5

    140516fd8188dd11449ec77a32459d46

  • SHA1

    04e2ac1219a242108322a7ccf84dc5127f3d3836

  • SHA256

    fbad630a01ca15e4e49e65eacc26c2829618d7b22d6cfd4135c9b12eaebbfe7b

  • SHA512

    9ab13de4d738b727f831daec4169f69a41e589ed6ae7f438ac76ba61a7afcefe7239840dd654f24e10af9de6f70a08181b5fdaaef0e314fad544364c0547f13a

  • SSDEEP

    393216:RUxL2VmIGrtwlIrBJc/cVpwduaWwkH0KIBIV6mPFFow/6JMDMBkFq3+d9V0W8kuW:mxyVmIGrtMIDc/SKduUetISVnFow/Nk+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SAS4Tool.exe
    "C:\Users\Admin\AppData\Local\Temp\SAS4Tool.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Users\Admin\AppData\Local\Temp\SAS4Tool.exe
      "C:\Users\Admin\AppData\Local\Temp\SAS4Tool.exe"
      2⤵
      • Loads dropped DLL
      PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI15042\python310.dll
    Filesize

    4.2MB

    MD5

    e9c0fbc99d19eeedad137557f4a0ab21

    SHA1

    8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

    SHA256

    5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

    SHA512

    74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI15042\python310.dll
    Filesize

    4.2MB

    MD5

    e9c0fbc99d19eeedad137557f4a0ab21

    SHA1

    8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

    SHA256

    5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

    SHA512

    74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

    Download Submit
  • memory/1336-54-0x0000000000000000-mapping.dmp
    Download