Overview

overview

7

Static

static

39d3df8f4a...98.exe

windows7-x64

7

39d3df8f4a...98.exe

windows10-2004-x64

1

Resubmissions

15-11-2022 04:10

221115-ervd1aeh46 7

15-11-2022 03:41

221115-d86ypaeg75 7

Analysis

  • max time kernel
    78s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    15-11-2022 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe

  • Size

    6.1MB

  • MD5

    4475d543fd30e39295790f0f766dfcd7

  • SHA1

    bd9b5b090c3c3c86be2c4e7fbe587918c2be4ef8

  • SHA256

    39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398

  • SHA512

    55d292cd3ae08ff96981ded66828c333783bce2775c4581826be564211df500fa08474990c675ea145eb2702833e618b06038e7594d343234b4bdfb4b8983a7b

  • SSDEEP

    98304:fO/zQnFA/Cv9sATR/yl9zqE4C5J+daIhtoO9Ekm6tGEvZb:f8Q62CATR/yl9+ErefXB636I8

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 3 IoCs
    discovery
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe
    "C:\Users\Admin\AppData\Local\Temp\39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1824
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /CREATE /TN "Windows\IntelComputingToolkit\IntelGAS8.2.2.9." /TR "C:\ProgramData\lntelToolSkits\IntelGAS-Ver8.2.2.9.exe" /SC MINUTE
      2⤵
      • Creates scheduled task(s)
      PID:1956
    • C:\Windows\SysWOW64\icacls.exe
      "C:\Windows\System32\icacls.exe" "C:\ProgramData\lntelToolSkits" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
      2⤵
      • Modifies file permissions
      PID:1932
    • C:\Windows\SysWOW64\icacls.exe
      "C:\Windows\System32\icacls.exe" "C:\ProgramData\lntelToolSkits" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
      2⤵
      • Modifies file permissions
      PID:908
    • C:\Windows\SysWOW64\icacls.exe
      "C:\Windows\System32\icacls.exe" "C:\ProgramData\lntelToolSkits" /inheritance:e /deny "adMnepoxyFEYWGOLmin:(R,REA,RA,RD)"
      2⤵
      • Modifies file permissions
      PID:1568
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {28268890-7B01-486A-8D8B-8B6655563BD2} S-1-5-21-2292972927-2705560509-2768824231-1000:GRXNNIIE\Admin:Interactive:[1]
    1⤵
      PID:1952
      • C:\ProgramData\lntelToolSkits\IntelGAS-Ver8.2.2.9.exe
        C:\ProgramData\lntelToolSkits\IntelGAS-Ver8.2.2.9.exe
        2⤵
          PID:844

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Scheduled Task

      1
      T1053

      Persistence

      Scheduled Task

      1
      T1053

      Privilege Escalation

      Scheduled Task

      1
      T1053

      Defense Evasion

      File Permissions Modification

      1
      T1222

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\lntelToolSkits\IntelGAS-Ver8.2.2.9.exe
        Filesize

        1015.5MB

        MD5

        1d5280fa43b09bcd0aed68c19c77b7aa

        SHA1

        61881e90f4a77b133e2708f8210306d533d7c6ff

        SHA256

        7030d5905b572391ca144361b8901f7989ce8fd842da6d3ee6e71e6e9e255432

        SHA512

        c00a13399c2116cab152703b97bc616c33c75f593f1b9b75f30fc7a409af1aa99df9b00f4d7aa2eed6106db08a5907586f05b65aeed5caeece4828f65bacf5b0

        Download Submit
      • C:\ProgramData\lntelToolSkits\IntelGAS-Ver8.2.2.9.exe
        Filesize

        987.9MB

        MD5

        2086b59730d1ebfda026bda83ee211dc

        SHA1

        6e0430c2ffd441b3cd7c9408181bef299b3288a9

        SHA256

        52a4cd5a8116127b20d309c193ffe2fcfb257fcded7506180babcfbb8641bd0c

        SHA512

        8f1493e1fac7eb04ac8821d90e2c502db7a7a5e81d7ddafdac51644f4c10465bf88aff82ad108d6e20fdca1fdd0172deb1ec844deab34ad42542668b5f77c6b2

        Download Submit
      • memory/844-66-0x0000000000000000-mapping.dmp
        Download
      • memory/908-63-0x0000000000000000-mapping.dmp
        Download
      • memory/1568-64-0x0000000000000000-mapping.dmp
        Download
      • memory/1824-54-0x0000000075571000-0x0000000075573000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1824-55-0x0000000000400000-0x0000000000DA3000-memory.dmp
        Filesize

        9.6MB

        Download
      • memory/1824-58-0x0000000000400000-0x0000000000DA3000-memory.dmp
        Filesize

        9.6MB

        Download
      • memory/1824-59-0x0000000000400000-0x0000000000DA3000-memory.dmp
        Filesize

        9.6MB

        Download
      • memory/1824-65-0x0000000000400000-0x0000000000DA3000-memory.dmp
        Filesize

        9.6MB

        Download
      • memory/1932-61-0x0000000000000000-mapping.dmp
        Download
      • memory/1956-60-0x0000000000000000-mapping.dmp
        Download