Overview

overview

6

Static

static

5b95678162...3e.exe

windows7-x64

6

5b95678162...3e.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b95678162c8d31279820d1732b079420db4124ecedff792eb007b91a698d43e.exe

  • Size

    440KB

  • MD5

    173085a6a9ae2a9ed4cc35b5eb462a72

  • SHA1

    bea1fbb07d9e014a69b0e6c243550d8b709ac55c

  • SHA256

    5b95678162c8d31279820d1732b079420db4124ecedff792eb007b91a698d43e

  • SHA512

    c3592d71709f81fe2ded7be2579089357a979f5487abf2c4169f0505b44adf5172482d7dbccad99abfa74cf1dac1982e022ac9052a8221555cc9f1d51228e36d

  • SSDEEP

    6144:3Cof/2jF8rNFFO14qiFVsNewYDtw6hLa4s1kdv04c0L7uZQike7EB:Hhrto2wY9MXSv0PDQy

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b95678162c8d31279820d1732b079420db4124ecedff792eb007b91a698d43e.exe
    "C:\Users\Admin\AppData\Local\Temp\5b95678162c8d31279820d1732b079420db4124ecedff792eb007b91a698d43e.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of UnmapMainImage
    PID:1632

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1276-58-0x0000000002750000-0x000000000277F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1276-59-0x00000000029D0000-0x0000000002A03000-memory.dmp

    Filesize

    204KB

    Download

  • memory/1276-61-0x00000000029D0000-0x0000000002A03000-memory.dmp

    Filesize

    204KB

    Download

  • memory/1632-54-0x0000000076301000-0x0000000076303000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1632-55-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1632-57-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/1632-60-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download