Overview

overview

7

Static

static

7743711f0b...05.exe

windows7-x64

7

7743711f0b...05.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    215s
  • max time network
    333s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 03:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7743711f0b83dba511ea6c042947ccbb24e97e277107acfad6620dd09e491d05.exe

  • Size

    190KB

  • MD5

    d805d969a859002181596ec1e7dd2feb

  • SHA1

    bbebddac95bca878b1299f4d4e2c82aba0b8acc6

  • SHA256

    7743711f0b83dba511ea6c042947ccbb24e97e277107acfad6620dd09e491d05

  • SHA512

    795c21470d5f4cc071e83410d57472409ea8e0bbc59d4b98d0333f3872f49c78eaf40ae7239f0ef07d03a8547f7a817ec444ec116d88ffdbeea0b35c25ad0674

  • SSDEEP

    3072:q+fdo40V6a9Ng9QNUwGW0zW/u/vvK09JzvZYTSrxqWNxK:q+fHwK9Thy/qvmqx8

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7743711f0b83dba511ea6c042947ccbb24e97e277107acfad6620dd09e491d05.exe
    "C:\Users\Admin\AppData\Local\Temp\7743711f0b83dba511ea6c042947ccbb24e97e277107acfad6620dd09e491d05.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:544
    • C:\Users\Admin\AppData\Local\Temp\7743711f0b83dba511ea6c042947ccbb24e97e277107acfad6620dd09e491d05.exe
      "C:\Users\Admin\AppData\Local\Temp\7743711f0b83dba511ea6c042947ccbb24e97e277107acfad6620dd09e491d05.exe"
      2⤵
      • Drops startup file
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        3⤵
          PID:1504

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/544-54-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/544-55-0x00000000026E0000-0x0000000002712000-memory.dmp

            Filesize

            200KB

            Download

          • memory/544-61-0x0000000000400000-0x0000000000432000-memory.dmp

            Filesize

            200KB

            Download

          • memory/1472-56-0x0000000000400000-0x0000000000440000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1472-57-0x0000000000400000-0x0000000000440000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1472-58-0x0000000000400000-0x0000000000440000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1472-59-0x0000000000400000-0x0000000000440000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1472-62-0x0000000000400000-0x0000000000440000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1472-63-0x0000000075531000-0x0000000075533000-memory.dmp

            Filesize

            8KB

            Download