Resubmissions

24/11/2022, 10:37 UTC

221124-mn9nhsgg76 1

24/11/2022, 10:33 UTC

221124-mlpwbsgf33 1

24/11/2022, 10:30 UTC

221124-mjs5zabe6s 1

24/11/2022, 10:26 UTC

221124-mg13ssgd25 1

Analysis

  • max time kernel
    150s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/11/2022, 10:37 UTC

General

  • Target

    Server.exe

  • Size

    150KB

  • MD5

    0f367fce0c77e594ec09f105ded2503a

  • SHA1

    fba1dd99300e2c9d574a4afa976590b6da35ee50

  • SHA256

    120edd37142c24d17472137c608220220a4efb595d42a991efd498ac30339b4e

  • SHA512

    a8a6d855805f9e223478191577bbe981d09b988fdb20c64fa62431587b122424b2d868f82feaeb3e5be6e4aa49ccc3cf842c592ead2d8c645f497f1b69764f3f

  • SSDEEP

    3072:+FhkwDd+B2lf1oJWT9RMkjWyqQuRN4GepKsqL4:+Pk0d+Bo6JWT93q9/4

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Server.exe
    "C:\Users\Admin\AppData\Local\Temp\Server.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 444
      2⤵
      PID:1464
  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" shell32.dll,Options_RunDLL 0
    1⤵
    PID:516
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:872
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4c0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:588
  • C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\Temp\Server.exe
      server.exe
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
        dw20.exe -x -s 444
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:1220
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1748

Network

MITRE ATT&CK Matrix

Downloads

  • memory/872-59-0x000007FEFB741000-0x000007FEFB743000-memory.dmp
    Filesize: 8KB
  • memory/1648-64-0x0000000073FC0000-0x000000007456B000-memory.dmp
    Filesize: 5.7MB
  • memory/1648-65-0x0000000073FC0000-0x000000007456B000-memory.dmp
    Filesize: 5.7MB
  • memory/1736-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp
    Filesize: 8KB
  • memory/1736-57-0x0000000074290000-0x000000007483B000-memory.dmp
    Filesize: 5.7MB
  • memory/1736-58-0x0000000074290000-0x000000007483B000-memory.dmp
    Filesize: 5.7MB
  • memory/1748-67-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize: 5.9MB
  • memory/1748-68-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize: 5.9MB
  • memory/1748-69-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize: 5.9MB