Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2022 14:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    369KB

  • MD5

    eaa05f191812aa654d5a31ae414e3600

  • SHA1

    b4b1b2aa42632e18ee016c86cd56cd7a75727cab

  • SHA256

    5de7480390c165160be72fe43824dbbddd6c16c605a19391ae37791d68405fb5

  • SHA512

    e07fc0287a51c3174dde5574d12b6c2fe1c00316ff9d396fa911a01c5ef66f1c444dae7a336196ec99e86aa51cc3f6ca159e5617b703d89bd786a0a7632c4723

  • SSDEEP

    6144:QyzvKLFSSTqxBG21z6SHs6XwA6QEU0hsluJRrvGSJ26t5XkxTzsn:Qyzy5SSTRSHsK6QlYNLCWt5XU2

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 1556
      2⤵
      • Program crash
      PID:2728
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4324 -ip 4324
    1⤵
      PID:3672

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4324-132-0x0000000004DB0000-0x0000000005354000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4324-133-0x00000000007E9000-0x0000000000820000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4324-134-0x0000000000730000-0x0000000000788000-memory.dmp

      Filesize

      352KB

      Download

    • memory/4324-135-0x0000000000400000-0x00000000005BA000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/4324-136-0x0000000005360000-0x0000000005978000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4324-137-0x00000000059A0000-0x00000000059B2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4324-138-0x00000000059C0000-0x0000000005ACA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4324-139-0x0000000005AD0000-0x0000000005B0C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4324-140-0x0000000005DE0000-0x0000000005E72000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4324-141-0x0000000005E80000-0x0000000005EE6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4324-142-0x00000000066B0000-0x0000000006872000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4324-143-0x0000000006880000-0x0000000006DAC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4324-144-0x0000000006EB0000-0x0000000006F26000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4324-145-0x0000000006F70000-0x0000000006F8E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4324-146-0x00000000007E9000-0x0000000000820000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4324-147-0x0000000000400000-0x00000000005BA000-memory.dmp

      Filesize

      1.7MB

      Download