Overview

overview

7

Static

static

e947ccc8c7...d8.exe

windows7-x64

7

e947ccc8c7...d8.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    185s
  • max time network
    192s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2022 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e947ccc8c72fad65e7692e0f2c9781a5607ef8a53a80d19e19d3f2635dc123d8.exe

  • Size

    29KB

  • MD5

    0de1b25348ad1ae87acaaa90c8691b25

  • SHA1

    64e273ecf3f8a96a990edd39dac617250e7d5c61

  • SHA256

    e947ccc8c72fad65e7692e0f2c9781a5607ef8a53a80d19e19d3f2635dc123d8

  • SHA512

    15b6dfd62869e498259a89c9159ade0b18b2976f7c61ed0463efa25f4ff077f6428e03506df75d6beb823df26e22e3b8404d2eead6e91d003bbff280778f860a

  • SSDEEP

    768:J9pcu0B8gyQ/U9tUJ44YypqPBzP9axhGQ7cFHUnbcuyD7UNA7mM:mj8jFi0I2Q4inouy8NA6M

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 63 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e947ccc8c72fad65e7692e0f2c9781a5607ef8a53a80d19e19d3f2635dc123d8.exe
    "C:\Users\Admin\AppData\Local\Temp\e947ccc8c72fad65e7692e0f2c9781a5607ef8a53a80d19e19d3f2635dc123d8.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\7122225.DLL
    Filesize

    12.1MB

    MD5

    215e7c787e7bcf8569661bf8e3823d31

    SHA1

    9cb4995348b8f9f724e388ebabb7aa952adc4693

    SHA256

    21795cee0ceaa74c51dcc96846b03a5d7ea7768f82f02c908309393b24815f55

    SHA512

    9556949c0830faa5f2130797a348f3ce4ed178a0f859b519fcdf50fb73b14b55232e2b6cb2363d41e6b8664e0f3a1eea373d53a702a316060db33fb0e07cd62c

    Download Submit

  • memory/956-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

    Filesize

    8KB

    Download

  • memory/956-55-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download