Overview

overview

10

Static

static

88202ffc8a...8c.exe

windows7-x64

10

88202ffc8a...8c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    191s
  • max time network
    198s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88202ffc8a1869c198cfdbddd57ccb7e6a47b2b19c685e2cd04e708202ad318c.exe

  • Size

    316KB

  • MD5

    35c6236fdf757ab70d1d942fc9e9ee4c

  • SHA1

    2498729c2a29415c512738d9f0671a0443b45dd1

  • SHA256

    88202ffc8a1869c198cfdbddd57ccb7e6a47b2b19c685e2cd04e708202ad318c

  • SHA512

    70716424bad57b1db1c03972323459e5cb62afc83e910bb79b8fb554f5211677961f2f50b3b641a917172666782cdd305f5b999e2e2e26561c487585f4b6e2d7

  • SSDEEP

    6144:D/Bx3dwED1iFdv0hzfFDeuS9SvEcfGr+3XKohgvCwYim:D/r36cydbL9S/y+3XK5vCh

Score
8/10
evasion

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2644
    • C:\Users\Admin\AppData\Local\Temp\88202ffc8a1869c198cfdbddd57ccb7e6a47b2b19c685e2cd04e708202ad318c.exe
      "C:\Users\Admin\AppData\Local\Temp\88202ffc8a1869c198cfdbddd57ccb7e6a47b2b19c685e2cd04e708202ad318c.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2808-132-0x0000000000400000-0x0000000000450F60-memory.dmp

    Filesize

    323KB

    Download

  • memory/2808-133-0x0000000002380000-0x0000000002790000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/2808-134-0x0000000000400000-0x0000000000450F60-memory.dmp

    Filesize

    323KB

    Download

  • memory/2808-135-0x0000000000400000-0x0000000000450F60-memory.dmp

    Filesize

    323KB

    Download

  • memory/2808-136-0x0000000000710000-0x0000000000736000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2808-137-0x0000000002380000-0x0000000002790000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/2808-138-0x0000000000400000-0x0000000000450F60-memory.dmp

    Filesize

    323KB

    Download