Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-11-2022 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    350KB

  • MD5

    ff6c48bb6365860d0b286f5c3c2dfa98

  • SHA1

    eb469f89fc01114cd8f61063a1d430051c5b7f2b

  • SHA256

    b9467435e46a884005982db9894d3a04d88f170b18769ecba1a7145748016d6f

  • SHA512

    8025fb690be303edc820d7e4b20113ae1475dae603c55ec9f006dd8850009ddf470294d48a86f282d20ff3900cffb92408105f468a8eec7342eb5a649d86c7d1

  • SSDEEP

    6144:RADnt8y/LEysCriXuwwdXomRIE50wAbJyTF+vMV4EBxjGyrP:RAbK4oysCQMYmRISx8ATmE7T

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4340
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 1632
      2⤵
      • Program crash
      PID:4708
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4340 -ip 4340
    1⤵
      PID:4412

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4340-132-0x0000000004D30000-0x00000000052D4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4340-133-0x000000000061D000-0x0000000000651000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4340-134-0x00000000021E0000-0x000000000224E000-memory.dmp

      Filesize

      440KB

      Download

    • memory/4340-135-0x0000000000400000-0x00000000005B3000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/4340-136-0x0000000005330000-0x0000000005948000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4340-137-0x00000000059B0000-0x00000000059C2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4340-138-0x00000000059D0000-0x0000000005ADA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4340-139-0x0000000005AE0000-0x0000000005B1C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4340-140-0x0000000005DF0000-0x0000000005E82000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4340-141-0x0000000005E90000-0x0000000005EF6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4340-142-0x00000000066C0000-0x0000000006882000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4340-143-0x0000000006890000-0x0000000006DBC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4340-144-0x0000000006EB0000-0x0000000006F26000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4340-145-0x0000000006F90000-0x0000000006FAE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4340-146-0x000000000061D000-0x0000000000651000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4340-147-0x0000000000400000-0x00000000005B3000-memory.dmp

      Filesize

      1.7MB

      Download