Overview

overview

4

Static

static

e6688e467f...7f.exe

windows7-x64

1

e6688e467f...7f.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    135s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2022, 10:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e6688e467fad56770ec3b017f727174fd8912e8c6b8ceec75c0b594b647b2a7f.exe

  • Size

    84KB

  • MD5

    2eef4c29a7177e69ce398e01bb010790

  • SHA1

    43d8a72671aff0dfbadbb49631b37fc49fdd9a72

  • SHA256

    e6688e467fad56770ec3b017f727174fd8912e8c6b8ceec75c0b594b647b2a7f

  • SHA512

    22dbde3a5b07fe39b7319faac59b1395c45c48ed384096750dfb8539f1cf06aa513d374043c3aa362eeab92eb820352f6885e816b43c4f39acff898ae965ca79

  • SSDEEP

    1536:VgAf/b97wPOMwB/vPe1Cfcb3QU9kVz5abqcDY0iCec2J+:VgUoRcHPSCfcbgGS5Eq4Y0iCh2J+

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6688e467fad56770ec3b017f727174fd8912e8c6b8ceec75c0b594b647b2a7f.exe
    "C:\Users\Admin\AppData\Local\Temp\e6688e467fad56770ec3b017f727174fd8912e8c6b8ceec75c0b594b647b2a7f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 868
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:3112

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1580-133-0x0000000074FD0000-0x0000000075581000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1580-134-0x0000000074FD0000-0x0000000075581000-memory.dmp

          Filesize

          5.7MB

          Download