Overview

overview

8

Static

static

2ec4651c25...7c.exe

windows7-x64

8

2ec4651c25...7c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-09-2022 08:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c.exe

  • Size

    273KB

  • MD5

    30b485a831a5dd28b3e6905fb7c93b17

  • SHA1

    bdafaa2a215f83e7a934eb5f6a032623bc86b15c

  • SHA256

    2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c

  • SHA512

    252056db641cc2c62eb0e0bad6452cf8859f8876512006a2131d1bc2f9a67a45dc59dd85b6c22cab24433841ff4cea5327bead07040ef6fa3b0c1b5e6f5eb610

  • SSDEEP

    6144:oTKGJ4pXPVreZyOZzh9CI4l4DlhZbsIHdo1qBAEft0z:gveXPV0ywPCIPhbo6AH

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c.exe
    "C:\Users\Admin\AppData\Local\Temp\2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2492
  • C:\Windows\exploret.exe
    C:\Windows\exploret.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4412
    • C:\WINDOWS\SysWOW64\SvcHost.eXe
      C:\WINDOWS\system32\SvcHost.eXe
      2⤵
        PID:1648
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 12
          3⤵
          • Program crash
          PID:2968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1648 -ip 1648
      1⤵
        PID:3468

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\exploret.exe
        Filesize

        273KB

        MD5

        30b485a831a5dd28b3e6905fb7c93b17

        SHA1

        bdafaa2a215f83e7a934eb5f6a032623bc86b15c

        SHA256

        2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c

        SHA512

        252056db641cc2c62eb0e0bad6452cf8859f8876512006a2131d1bc2f9a67a45dc59dd85b6c22cab24433841ff4cea5327bead07040ef6fa3b0c1b5e6f5eb610

        Download Submit

      • C:\Windows\exploret.exe
        Filesize

        273KB

        MD5

        30b485a831a5dd28b3e6905fb7c93b17

        SHA1

        bdafaa2a215f83e7a934eb5f6a032623bc86b15c

        SHA256

        2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c

        SHA512

        252056db641cc2c62eb0e0bad6452cf8859f8876512006a2131d1bc2f9a67a45dc59dd85b6c22cab24433841ff4cea5327bead07040ef6fa3b0c1b5e6f5eb610

        Download Submit

      • memory/1648-137-0x0000000000000000-mapping.dmp

        Download

      • memory/1648-138-0x0000000000400000-0x000000000050B000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2492-132-0x0000000000400000-0x000000000050B000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2492-133-0x0000000000400000-0x000000000050B000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2492-140-0x0000000000400000-0x000000000050B000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/4412-136-0x0000000000400000-0x000000000050B000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/4412-139-0x0000000000400000-0x000000000050B000-memory.dmp

        Filesize

        1.0MB

        Download