Overview

overview

7

Static

static

af73fba3d2...33.exe

windows7-x64

7

af73fba3d2...33.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 19:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    af73fba3d2f512c8713c1f2aa20f710088367d9acc0991087ec02bc881622e33.exe

  • Size

    98KB

  • MD5

    68fb88a9917e5b8b4d152c3bd40a1a53

  • SHA1

    0e88da1c0419e68919f56f6444b3496b2654acad

  • SHA256

    af73fba3d2f512c8713c1f2aa20f710088367d9acc0991087ec02bc881622e33

  • SHA512

    7c7a48fc65122485904befb86c7b48605ff605de0b8dd5ffd7ac82132664a66118776d5cabb8cbe2756191508feada117c03da55a7c7c9c3c53eb62975879b48

  • SSDEEP

    1536:ws9Ks2DkWgQ2FOeqyeNhWzsg3yp1qmfD3ELIUaZFHPu5WcVpqo4eCCh1r4tlKtry:wO4DTgyvNcK3EDW6vdl4tlK7FwneS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\af73fba3d2f512c8713c1f2aa20f710088367d9acc0991087ec02bc881622e33.exe
    "C:\Users\Admin\AppData\Local\Temp\af73fba3d2f512c8713c1f2aa20f710088367d9acc0991087ec02bc881622e33.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\af73fba3d2f512c8713c1f2aa20f710088367d9acc0991087ec02bc881622e33.exe.bat
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Windows\SysWOW64\attrib.exe
        attrib -s -h -a "C:\Users\Admin\AppData\Local\Temp\af73fba3d2f512c8713c1f2aa20f710088367d9acc0991087ec02bc881622e33.exe"
        3⤵
        • Views/modifies file attributes
        PID:936

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\af73fba3d2f512c8713c1f2aa20f710088367d9acc0991087ec02bc881622e33.exe.bat
          Filesize

          476B

          MD5

          b002b59798b9346f6849afc7d6da02b7

          SHA1

          afd917afa704f3456c8b6e774878531a2bb6dff1

          SHA256

          5a601a24631e66f9a28f1fd2283e5009b64aeb5b2fd5826f41cb6106f35cbcf9

          SHA512

          eeb2a1bc7edd2279c32b23b600687c8177d790e98571ae4d8ed558dbd7e93fd8206b2251691e59bf8d57c9a4784b7998d7f5d0dee976b1e9f2357012ba46b4fd

          Download Submit

        • memory/1208-54-0x0000000000830000-0x0000000000839000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1208-55-0x0000000000800000-0x0000000000827000-memory.dmp

          Filesize

          156KB

          Download

        • memory/1208-56-0x0000000075D01000-0x0000000075D03000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1208-58-0x0000000000830000-0x0000000000839000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1208-59-0x0000000000800000-0x0000000000827000-memory.dmp

          Filesize

          156KB

          Download