Overview

overview

7

Static

static

f4f9cfebc3...3d.exe

windows7-x64

7

f4f9cfebc3...3d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe

  • Size

    2.1MB

  • MD5

    3a953fff32e8c817593a6a5dfdbc233d

  • SHA1

    616d350bd5ee19630b364822da7cfce711f0cb52

  • SHA256

    f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d

  • SHA512

    60cd2df44f6b9e87304d69e1579cebd5606f69cd5768a5718fd60f53a7e3c111dc0963b2c7e07a1eb6fc45224a172d63b060874dbaaecc9458b7933de5ee36e8

  • SSDEEP

    49152:9I7F1k/0hXab2VZI9S7qbrtLeB36SS47/hDu5u87hx6:QBu2EWq/t05rZy7hx6

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe
    "C:\Users\Admin\AppData\Local\Temp\f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\.#\MBX@13C4@24D1EB8.###
    Filesize

    2KB

    MD5

    17a340b825f9917f3dd775661cd2b253

    SHA1

    7b55f2c7d08a055e792cc1f0784d184e398f85de

    SHA256

    9816e11afd75f15fa080c2db822e810e01241a5bb1fd505e5a7982c33d680027

    SHA512

    7794aa274ffa8740255989ccf80ea61cefa182fdc501e7ba6a3c15bce5c54111e4eb0cd6cf7b2c0abaa17526fb8e78daa30bb53cb65e9d3a589b0c628c600fd5

    Download Submit

  • C:\Users\Admin\AppData\Local\.#\MBX@13C4@24D1F08.###
    Filesize

    2KB

    MD5

    d122b19933a1512904520bedbb5f58d7

    SHA1

    14e85e2b7bdc1eafd50dd5cc604c06fe0de9e510

    SHA256

    3ed5f9e82910d2b08b19956653c4197e12b56e99faef80693cd60b2755939204

    SHA512

    e76e711930d46940734e605432bc9b6a4086bcf150c82ed7f81e4388dd4f0b2dda44e99aa2acda33a093bd13766ad4495a0aad2aa02bc742023493c155569bea

    Download Submit

  • memory/5060-140-0x000000006CE10000-0x000000006CE49000-memory.dmp

    Filesize

    228KB

    Download

  • memory/5060-133-0x0000000000400000-0x0000000000848000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/5060-136-0x0000000000030000-0x0000000000036000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5060-134-0x0000000000400000-0x0000000000848000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/5060-139-0x000000006CE10000-0x000000006CE49000-memory.dmp

    Filesize

    228KB

    Download

  • memory/5060-138-0x000000006CE10000-0x000000006CE49000-memory.dmp

    Filesize

    228KB

    Download

  • memory/5060-132-0x0000000000400000-0x0000000000848000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/5060-135-0x0000000000400000-0x0000000000848000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/5060-143-0x0000000071AD0000-0x0000000071AF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/5060-142-0x0000000071AD0000-0x0000000071AF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/5060-144-0x0000000071AD0000-0x0000000071AF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/5060-145-0x0000000000400000-0x0000000000848000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/5060-146-0x000000006CE10000-0x000000006CE49000-memory.dmp

    Filesize

    228KB

    Download

  • memory/5060-147-0x0000000071AD0000-0x0000000071AF4000-memory.dmp

    Filesize

    144KB

    Download