Overview

overview

10

Static

static

e79317f601...2e.exe

windows7-x64

10

e79317f601...2e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    278s
  • max time network
    388s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 12:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e79317f601acb972f099d1e1188d20720413cc153bdeda2ca17d55193dd10d2e.exe

  • Size

    351KB

  • MD5

    8bca8f663a45793182e301e5eb00510a

  • SHA1

    6326136b3d32a736756147df147badcc4a98fcb4

  • SHA256

    e79317f601acb972f099d1e1188d20720413cc153bdeda2ca17d55193dd10d2e

  • SHA512

    a5b9e41ca49fbbf736f070c9f65947ff042f61be48d95856dcaab13cb1d2347daec42231a1c71f8b7221c371bce63c0111cb8b04ab5aacd6cc2c4df3d7126d32

  • SSDEEP

    6144:hq+PZTDlGsitFRWmEd5B5W4Wz2usuQxaVzJD8qzCD7O6J6dI1M+wxE6e0yC:hq+BK8j/W4+6uQc9JBM756dI1ITefC

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\e79317f601acb972f099d1e1188d20720413cc153bdeda2ca17d55193dd10d2e.exe
      "C:\Users\Admin\AppData\Local\Temp\e79317f601acb972f099d1e1188d20720413cc153bdeda2ca17d55193dd10d2e.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3536
      • C:\Users\Admin\AppData\Local\ebe732ad\X
        176.53.17.24:80
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3460
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
        • Deletes itself
        PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\ebe732ad\X
    Filesize

    41KB

    MD5

    be40a2578e862f1cecc9b9194f524201

    SHA1

    0c379f375f9bcfab2e8d86161cec07fe4a7dbc12

    SHA256

    2c0f19272baa42d1af85a395fe8cd687c50e91450abc5911f6806c317a25b6a6

    SHA512

    25fbee1dce99c0ca80cd11bbe0d9fceaa07bf8a8b9b3ebc04e55645c0a733dafc83a7922975c31bc9fdff6f413257ac8b9ff72628c78b48a5b7ab669eab369f8

    Download Submit

  • C:\Users\Admin\AppData\Local\ebe732ad\X
    Filesize

    41KB

    MD5

    be40a2578e862f1cecc9b9194f524201

    SHA1

    0c379f375f9bcfab2e8d86161cec07fe4a7dbc12

    SHA256

    2c0f19272baa42d1af85a395fe8cd687c50e91450abc5911f6806c317a25b6a6

    SHA512

    25fbee1dce99c0ca80cd11bbe0d9fceaa07bf8a8b9b3ebc04e55645c0a733dafc83a7922975c31bc9fdff6f413257ac8b9ff72628c78b48a5b7ab669eab369f8

    Download Submit

  • memory/2368-139-0x0000000000000000-mapping.dmp

    Download

  • memory/3460-134-0x0000000000000000-mapping.dmp

    Download

  • memory/3536-132-0x0000000000400000-0x0000000000469F3C-memory.dmp

    Filesize

    423KB

    Download

  • memory/3536-133-0x0000000000756000-0x000000000079E000-memory.dmp

    Filesize

    288KB

    Download

  • memory/3536-137-0x0000000000400000-0x0000000000469F3C-memory.dmp

    Filesize

    423KB

    Download

  • memory/3536-138-0x0000000000756000-0x000000000079E000-memory.dmp

    Filesize

    288KB

    Download

  • memory/3536-140-0x0000000000400000-0x0000000000469F3C-memory.dmp

    Filesize

    423KB

    Download

  • memory/3536-141-0x0000000000756000-0x000000000079E000-memory.dmp

    Filesize

    288KB

    Download