Overview

overview

8

Static

static

613b5396ba...30.exe

windows7-x64

8

613b5396ba...30.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    47s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 20:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    613b5396ba3ad400a557af19aa2d763a80f7b53546ae344904b2c9b12f08d730.exe

  • Size

    398KB

  • MD5

    0b93d99536f34ecc70992c38be7aaef0

  • SHA1

    1c335773eaaefedd00fe78f4cfb734c8cbbfbff9

  • SHA256

    613b5396ba3ad400a557af19aa2d763a80f7b53546ae344904b2c9b12f08d730

  • SHA512

    3fcd9a17710e6d14042b66ca8b0e098fa04c38ec17f231335034e5b4d53849afaad061fe8a802f4aa1888043ec1491f5ef906082be7518f7263f664759755205

  • SSDEEP

    12288:qvqlqSrzEAupLiPuSrN0VMazGjXytzl0RbfpwSD:wsqSroAupL8uSrOVMPyudHD

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\613b5396ba3ad400a557af19aa2d763a80f7b53546ae344904b2c9b12f08d730.exe
    "C:\Users\Admin\AppData\Local\Temp\613b5396ba3ad400a557af19aa2d763a80f7b53546ae344904b2c9b12f08d730.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1392
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:940
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    PID:604
  • C:\Windows\system32\dllhost.exe
    C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    1⤵
      PID:1348

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
            Filesize

            28KB

            MD5

            e23d2cae31795ad4102cafa760f67454

            SHA1

            e17e792b3ed73c89a09b7618a5c3c70d2dc3f4e1

            SHA256

            450c0eb2ee4b31dc26352769ba44dc94e518bf092161633aa2c281804ce29672

            SHA512

            46884bbc6a910886c44a698a2a2d420533d03a3da8fefad156b49478d84dd284042b74ac5766dad523a5ea10a0dc6d2f26ce7aae4be03c5977eb63dacf01f857

            Download Submit

          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
            Filesize

            31KB

            MD5

            a5a4eb70035299ab8f5c38522d9b1163

            SHA1

            1daa2d226744ccc783bce6f9cd227f114d719625

            SHA256

            98c53307b336ce8a4d9f24666ecac4110121dca7d5e18d44e3171c8cfecf1637

            SHA512

            e332a23f08ca8c15575f2859dee69fad320809adfb78fe132f25d0d33c7f643a42810c81e7735facc39a5210af5da1c20cfb72c978411d15cb0f72456a62132c

            Download Submit

          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
            Filesize

            12KB

            MD5

            7ac45d61650d69c6879fb21271541cf0

            SHA1

            32544350ab34d49fb2726ff088040d3738b189dd

            SHA256

            c3719946b1378816f0ec2f38e56a15c4473215d2e829d8710d14208f19ca506c

            SHA512

            fdab2d9705e45f2e33e18156d4f0e7f81f51598208ff0252875abbf19ae2ea351887a5976d45b12c302fa2c1a379bf3b785656d215069db6e79f2dda3aaf4053

            Download Submit

          • memory/604-61-0x0000000000400000-0x0000000000495000-memory.dmp

            Filesize

            596KB

            Download

          • memory/940-59-0x0000000010000000-0x000000001008C000-memory.dmp

            Filesize

            560KB

            Download

          • memory/1392-54-0x0000000001000000-0x00000000010B1000-memory.dmp

            Filesize

            708KB

            Download

          • memory/1392-55-0x0000000075521000-0x0000000075523000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1392-56-0x0000000001000000-0x00000000010B1000-memory.dmp

            Filesize

            708KB

            Download