Overview

overview

10

Static

static

頂通-秘...��.exe

windows7-x64

10

頂通-秘...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/10/2022, 16:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    頂通-秘密教學.exe

  • Size

    365KB

  • MD5

    bf39e7a86c8a03b0426cecdf168b7e0b

  • SHA1

    eed580837a13c657eb1604705c95942b80f2a482

  • SHA256

    857072690ec85093decb9c837a6150ba11a596213d48f81bd2014fe811d95295

  • SHA512

    8fc3673453b1f4da92dcbff6f0917d3b04b4e88ff65cc3be96bd982084bdd1ccfd400e64e62c0b26586230119b809b3a1acc6db6d6b5ca1c84f4bc48f3fa7d09

  • SSDEEP

    6144:tXv9NvGCLQCkyhX80cWeBhh/qNKisTsIlUcvTUHdpJMVV2o:tXv9NvfECkyhd8Z/qNCIsT2dXK

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\頂通-秘密教學.exe
    "C:\Users\Admin\AppData\Local\Temp\頂通-秘密教學.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4584
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 1808
      2⤵
      • Program crash
      PID:4416
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4584 -ip 4584
    1⤵
      PID:2260

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4584-132-0x0000000000613000-0x0000000000644000-memory.dmp

            Filesize

            196KB

            Download

          • memory/4584-133-0x00000000021C0000-0x00000000021FE000-memory.dmp

            Filesize

            248KB

            Download

          • memory/4584-134-0x0000000000400000-0x00000000005B4000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/4584-135-0x0000000004EE0000-0x0000000005484000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4584-136-0x0000000004D20000-0x0000000004DB2000-memory.dmp

            Filesize

            584KB

            Download

          • memory/4584-137-0x00000000055F0000-0x0000000005C08000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/4584-138-0x0000000005490000-0x000000000559A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4584-139-0x0000000004E80000-0x0000000004E92000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4584-140-0x00000000055A0000-0x00000000055DC000-memory.dmp

            Filesize

            240KB

            Download

          • memory/4584-141-0x0000000005E90000-0x0000000005EF6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/4584-142-0x0000000000613000-0x0000000000644000-memory.dmp

            Filesize

            196KB

            Download

          • memory/4584-143-0x0000000006670000-0x00000000066E6000-memory.dmp

            Filesize

            472KB

            Download

          • memory/4584-144-0x00000000066F0000-0x0000000006740000-memory.dmp

            Filesize

            320KB

            Download

          • memory/4584-145-0x0000000006770000-0x0000000006932000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/4584-146-0x0000000006940000-0x0000000006E6C000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/4584-147-0x0000000000613000-0x0000000000644000-memory.dmp

            Filesize

            196KB

            Download

          • memory/4584-148-0x0000000000400000-0x00000000005B4000-memory.dmp

            Filesize

            1.7MB

            Download