Overview

overview

10

Static

static

file.exe

windows7-x64

8

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2022 17:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    603KB

  • MD5

    dd1ad945db47825113b0e951efc4329e

  • SHA1

    c4a2434faf1e56b006e66bbfdf00b6b338d5412c

  • SHA256

    c6d746c1cfde6d2f1d19a371be49f86cb8baf750f3678fdeea5803dea510a0d2

  • SHA512

    2369cf1deaa2d656eb84811f08103ba632e4b11b8347139b4a821d96a36379576905cfa188825a774a7cfffe33f4348d396dbde0b4b0c3ab31b33503bc1f6b9d

  • SSDEEP

    1536:srae78zjORCDGwfdCSog01313hEs5gQOcIKMJ+8P:0ahKyd2n31xd55OcIKMJ+8P

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:852
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\perfofov.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\perfofov.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:944

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\perfofov.exe
    Filesize

    333.8MB

    MD5

    41be89e700a570e385aad7875f1fa3f2

    SHA1

    efa1cbab2e7edcb50b340682704ce7a01667590d

    SHA256

    a53c6bf724eaacefc624728f76444340827fcea7072b60d4cf980f9a2bc1c023

    SHA512

    c99bd6d21f07de196d588ad1a7e2e715dc85ce33b18fcd1f67bfa526255c6dbaefee3349eeb9d0a169e0ddc75a2d73931db75de08e29bd8f2b0055f4fbd8881b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\perfofov.exe
    Filesize

    333.8MB

    MD5

    41be89e700a570e385aad7875f1fa3f2

    SHA1

    efa1cbab2e7edcb50b340682704ce7a01667590d

    SHA256

    a53c6bf724eaacefc624728f76444340827fcea7072b60d4cf980f9a2bc1c023

    SHA512

    c99bd6d21f07de196d588ad1a7e2e715dc85ce33b18fcd1f67bfa526255c6dbaefee3349eeb9d0a169e0ddc75a2d73931db75de08e29bd8f2b0055f4fbd8881b

    Download Submit
  • memory/944-54-0x0000000000000000-mapping.dmp
    Download
  • memory/944-57-0x0000000000F60000-0x0000000000F68000-memory.dmp
    Filesize

    32KB

    Download
  • memory/944-58-0x0000000074E41000-0x0000000074E43000-memory.dmp
    Filesize

    8KB

    Download