Overview

overview

6

Static

static

9beb3fcad2...75.exe

windows7-x64

3

9beb3fcad2...75.exe

windows10-2004-x64

6

Resubmissions

16-10-2022 11:14

221016-nchakahdan 6

16-10-2022 10:56

221016-m149kahda3 3

Analysis

  • max time kernel
    93s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-10-2022 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9beb3fcad21f5ff7378d14217abeaa734cb1272471ca928185186e7a52678675.exe

  • Size

    3.9MB

  • MD5

    d8dfac398555e946ecc533198738f8c6

  • SHA1

    35f4571b7efe542d6a5b7681d8d9276274c0d52d

  • SHA256

    9beb3fcad21f5ff7378d14217abeaa734cb1272471ca928185186e7a52678675

  • SHA512

    5df2fd14453cd47f3db78ba48b9771253033e05807feead7c7174738f5d5ea6b18a47f68d55f88fb9d9d2dbac25f3af2d2bbad9f3087ef1b330d2c43c35b4939

  • SSDEEP

    98304:a9KhGI6eXdNk/kgz/3lvoYXHbpEYpJDW5sRhjQFfy:aqD6eXPBQ/3lwYXlEYphWmRqy

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9beb3fcad21f5ff7378d14217abeaa734cb1272471ca928185186e7a52678675.exe
    "C:\Users\Admin\AppData\Local\Temp\9beb3fcad21f5ff7378d14217abeaa734cb1272471ca928185186e7a52678675.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      /Processid:-c
      2⤵
        PID:2428
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 2428 -s 772
          3⤵
          • Program crash
          PID:4456
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 408 -p 2428 -ip 2428
      1⤵
        PID:2032
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:1944

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2428-157-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-174-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2428-171-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-173-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-170-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-160-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-169-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2428-159-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-166-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-165-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-142-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-145-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-146-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-148-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-147-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-150-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-152-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-153-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-156-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-163-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2428-162-0x0000000000400000-0x0000000000476000-memory.dmp

          Filesize

          472KB

          Download

        • memory/5068-181-0x00007FFA104F0000-0x00007FFA105AE000-memory.dmp

          Filesize

          760KB

          Download

        • memory/5068-132-0x000001D53F8D0000-0x000001D53FCC2000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/5068-137-0x00007FFA11CD0000-0x00007FFA11EC5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/5068-141-0x00007FFA11CD0000-0x00007FFA11EC5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/5068-140-0x00007FFA10C40000-0x00007FFA10CEC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/5068-138-0x00007FFA104F0000-0x00007FFA105AE000-memory.dmp

          Filesize

          760KB

          Download

        • memory/5068-133-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5068-183-0x00007FFA10C40000-0x00007FFA10CEC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/5068-135-0x000001D55D020000-0x000001D55D032000-memory.dmp

          Filesize

          72KB

          Download

        • memory/5068-139-0x00007FFA0F630000-0x00007FFA0F8F9000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/5068-176-0x00007FFA104F0000-0x00007FFA105AE000-memory.dmp

          Filesize

          760KB

          Download

        • memory/5068-175-0x00007FFA11CD0000-0x00007FFA11EC5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/5068-177-0x00007FFA0F630000-0x00007FFA0F8F9000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/5068-178-0x00007FFA10C40000-0x00007FFA10CEC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/5068-179-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5068-180-0x00007FFA11CD0000-0x00007FFA11EC5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/5068-134-0x00007FF9F3B20000-0x00007FF9F45E1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5068-182-0x00007FFA0F630000-0x00007FFA0F8F9000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/5068-136-0x000001D55EC10000-0x000001D55F0DC000-memory.dmp

          Filesize

          4.8MB

          Download