Overview

overview

8

Static

static

64929a535c...4f.exe

windows7-x64

8

64929a535c...4f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    24s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 22:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64929a535c0745e37e4952f82a4a383d7a5dd13b9fbd31c8979378959169594f.exe

  • Size

    47KB

  • MD5

    90aecba4ccafea3fccecaea76b579260

  • SHA1

    9cbcd1f4f2ded454d3dd7a925b357a6c1976079d

  • SHA256

    64929a535c0745e37e4952f82a4a383d7a5dd13b9fbd31c8979378959169594f

  • SHA512

    6cdb1ff552f9100b53b12522bd15dd3414bbd36fdd2b6d348d4368f7ff89a35167c2945ff0fe49983a335a00e5f411d74ae2d877692bc79f97e897b9ff3c920e

  • SSDEEP

    768:V9XQtkO8Zxuq43gxre8fvT/g+rLNljZOWvSq49tUtlE2japO0fUWaqDHBV70c4KJ:VdSE75xre8fvT/fPjZOW6162Mp07uy7f

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops startup file 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64929a535c0745e37e4952f82a4a383d7a5dd13b9fbd31c8979378959169594f.exe
    "C:\Users\Admin\AppData\Local\Temp\64929a535c0745e37e4952f82a4a383d7a5dd13b9fbd31c8979378959169594f.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:524
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4856
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe
        3⤵
        • Suspicious behavior: MapViewOfSection
        PID:4936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe
    Filesize

    47KB

    MD5

    90aecba4ccafea3fccecaea76b579260

    SHA1

    9cbcd1f4f2ded454d3dd7a925b357a6c1976079d

    SHA256

    64929a535c0745e37e4952f82a4a383d7a5dd13b9fbd31c8979378959169594f

    SHA512

    6cdb1ff552f9100b53b12522bd15dd3414bbd36fdd2b6d348d4368f7ff89a35167c2945ff0fe49983a335a00e5f411d74ae2d877692bc79f97e897b9ff3c920e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe
    Filesize

    47KB

    MD5

    90aecba4ccafea3fccecaea76b579260

    SHA1

    9cbcd1f4f2ded454d3dd7a925b357a6c1976079d

    SHA256

    64929a535c0745e37e4952f82a4a383d7a5dd13b9fbd31c8979378959169594f

    SHA512

    6cdb1ff552f9100b53b12522bd15dd3414bbd36fdd2b6d348d4368f7ff89a35167c2945ff0fe49983a335a00e5f411d74ae2d877692bc79f97e897b9ff3c920e

    Download Submit

  • memory/4856-136-0x0000000002660000-0x0000000002687000-memory.dmp

    Filesize

    156KB

    Download

  • memory/4936-137-0x0000000000CE0000-0x0000000000D07000-memory.dmp

    Filesize

    156KB

    Download