Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/10/2022, 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    386KB

  • MD5

    943c6088d6651a165b753b43cd1d3f79

  • SHA1

    9896f1d586c3f9e0d8c4233b041e2dc557361926

  • SHA256

    0bfd36ee4ee63be807f6fff93b856f0213c01e0f90bcad14ca9759c20eb4ef40

  • SHA512

    c7cb6d48e4d10a02f5619aef39d61d7588b598726b7958d1695b92ca0d8487f042a2e761b2644450bf1baccdc017f1c7602c0e518bc969ac5001f8fea2ab21e3

  • SSDEEP

    6144:vr2LidN/AlznV5/dmQceWCqaWCBbJ9lwz86rJjIw5X5h5DVHM8iO6:viOdN/AlX1r6rJ0gX5hldgx

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1528
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 1236
      2⤵
      • Program crash
      PID:1424
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1528 -ip 1528
    1⤵
      PID:3376

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1528-132-0x0000000002F33000-0x0000000002F69000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1528-133-0x00000000049C0000-0x0000000004A18000-memory.dmp

      Filesize

      352KB

      Download

    • memory/1528-134-0x0000000007630000-0x0000000007BD4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1528-135-0x0000000000400000-0x0000000002C4F000-memory.dmp

      Filesize

      40.3MB

      Download

    • memory/1528-136-0x0000000007BE0000-0x00000000081F8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/1528-137-0x0000000005000000-0x0000000005012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1528-138-0x00000000074A0000-0x00000000075AA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1528-139-0x00000000075B0000-0x00000000075EC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1528-140-0x0000000008470000-0x00000000084D6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1528-141-0x0000000008B30000-0x0000000008BC2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1528-142-0x0000000008C10000-0x0000000008DD2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1528-143-0x0000000008DF0000-0x000000000931C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/1528-144-0x0000000009680000-0x00000000096F6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1528-145-0x0000000009750000-0x000000000976E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1528-146-0x0000000002F33000-0x0000000002F69000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1528-147-0x0000000002F33000-0x0000000002F69000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1528-148-0x0000000000400000-0x0000000002C4F000-memory.dmp

      Filesize

      40.3MB

      Download