Overview

overview

10

Static

static

7cf72f770a...f4.exe

windows7-x64

10

7cf72f770a...f4.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    30-10-2022 12:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7cf72f770ac3613a3410d6cef74d9cc5dbd239535770662ea1070df6afefc1f4.exe

  • Size

    108KB

  • MD5

    a2f4e51fe461378ef4b2cf706a0c5030

  • SHA1

    4839e8fec3327460ec4f5e9e117829016ed791aa

  • SHA256

    7cf72f770ac3613a3410d6cef74d9cc5dbd239535770662ea1070df6afefc1f4

  • SHA512

    ef024d95002dfc35ceb4578e20dda8c44eba9b663aed83d7d103b021f2f4e1e55674d193268aba965d0bf520973c94fe4eb5e623374bb23083f07a97e0f6c136

  • SSDEEP

    1536:FZlAv1IpcqNRYcQOJ7co+ZJSecHek8cqvY9B/xKPkdWOfGCC6ENN3KqWf7C:c13wRYcFco+JVAezFxeWOuj/aqWTC

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cf72f770ac3613a3410d6cef74d9cc5dbd239535770662ea1070df6afefc1f4.exe
    "C:\Users\Admin\AppData\Local\Temp\7cf72f770ac3613a3410d6cef74d9cc5dbd239535770662ea1070df6afefc1f4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: MapViewOfSection
    PID:1228
  • C:\Windows\syswow64\svchost.exe
    "C:\Windows\syswow64\svchost.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1720

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1228-54-0x0000000000220000-0x0000000000230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1228-55-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1228-56-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1228-57-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1284-58-0x0000000076DB0000-0x0000000076F59000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1284-60-0x0000000002220000-0x0000000002227000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1720-59-0x0000000075A11000-0x0000000075A13000-memory.dmp

    Filesize

    8KB

    Download