Overview

overview

10

Static

static

fucker script.exe

windows7-x64

6

fucker script.exe

windows10-1703-x64

1

fucker script.exe

windows10-2004-x64

10

Resubmissions

11/10/2022, 17:08

221011-vnmsrafbdn 6

10/10/2022, 15:31

221010-syaj3acdb3 10

09/10/2022, 15:59

221009-tfb6lshbg4 10

09/10/2022, 15:28

221009-swtvxshceq 10

09/10/2022, 13:04

221009-qa2brshab7 10

09/10/2022, 13:03

221009-qaj3gshab6 1

09/10/2022, 12:59

221009-p8jnyahaa6 10

09/10/2022, 12:54

221009-p5m7yshbdm 10

08/10/2022, 21:32

221008-1dxg4afgb8 10

08/10/2022, 13:52

221008-q6p9daegh5 1

Analysis

  • max time kernel
    369s
  • max time network
    1588s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/10/2022, 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fucker script.exe

  • Size

    104KB

  • MD5

    db0655efbe0dbdef1df06207f5cb5b5b

  • SHA1

    a8d48d5c0042ce359178d018c0873e8a7c2f27e8

  • SHA256

    52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56

  • SHA512

    5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704

  • SSDEEP

    1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fucker script.exe
    "C:\Users\Admin\AppData\Local\Temp\fucker script.exe"
    1⤵
      PID:2792
    • C:\Windows\system32\pcwrun.exe
      C:\Windows\system32\pcwrun.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" ContextMenu
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4360
      • C:\Windows\System32\msdt.exe
        C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWC671.xml /skip TRUE
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:5040
    • C:\Windows\System32\sdiagnhost.exe
      C:\Windows\System32\sdiagnhost.exe -Embedding
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4676

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\PCWC671.xml
      Filesize

      746B

      MD5

      b6417bc9e2c8a094bad043bd548c9cbd

      SHA1

      a746ce44daefc7ba968f09ea2fee3d33e9dbf57e

      SHA256

      1a3521faac0bf9713d062baab4dff0ecbac1acc89b4c30222f10ae33cdf1d0c9

      SHA512

      f094f2e9c7328c55963be35669a86c58852dd8b04580bbd50cb92c915a9b9e4975bb90c652fb2d2a6337373f6701690f36871a99ff533d684b5e67ea7f34d39b

      Download Submit

    • memory/2792-132-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-140-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-123-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-124-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-125-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-126-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-127-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-128-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-129-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-130-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-131-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-120-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-122-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-121-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-139-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-136-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-137-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-138-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-135-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-133-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-141-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-142-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2792-134-0x00000000772F0000-0x000000007747E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4676-151-0x0000020FED8B0000-0x0000020FED8D2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4676-154-0x0000020FED960000-0x0000020FED9D6000-memory.dmp

      Filesize

      472KB

      Download