Overview

overview

5

Static

static

58eec050ad...56.exe

windows7-x64

5

58eec050ad...56.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58eec050ad20d383ca30c61dd0df24f8904e1dec9947f13805859e8202d0a456.exe

  • Size

    305KB

  • MD5

    92225dca9a4a89bd825025c044bcc923

  • SHA1

    1f9eb9b0e391ecb30d7dffa482c895b694d0525b

  • SHA256

    58eec050ad20d383ca30c61dd0df24f8904e1dec9947f13805859e8202d0a456

  • SHA512

    d15af8ad901dbc47ba8cfde4ee018ad5c07185ebae94523937b944507fd184c1b8ff07de5e9094d133926e2888646658026afea0a3b36bbccd44c33a5f9a3df8

  • SSDEEP

    6144:QOC2F8NXC796TB9vj48xgi61EVhFbLR0rcXmLYXCrt1jwG:QYeVQkTrvj4Qgl1EPFurYCrtVX

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58eec050ad20d383ca30c61dd0df24f8904e1dec9947f13805859e8202d0a456.exe
    "C:\Users\Admin\AppData\Local\Temp\58eec050ad20d383ca30c61dd0df24f8904e1dec9947f13805859e8202d0a456.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:704
    • C:\Users\Admin\AppData\Local\Temp\58eec050ad20d383ca30c61dd0df24f8904e1dec9947f13805859e8202d0a456.exe
      C:\Users\Admin\AppData\Local\Temp\58eec050ad20d383ca30c61dd0df24f8904e1dec9947f13805859e8202d0a456.exe
      2⤵
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      PID:792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/704-54-0x0000000000460000-0x0000000000498000-memory.dmp

    Filesize

    224KB

    Download

  • memory/704-57-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/704-64-0x00000000740B0000-0x000000007465B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/792-58-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/792-59-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/792-61-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/792-65-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/792-68-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/792-67-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download