Overview

overview

4

Static

static

32f92c618b...ec.exe

windows7-x64

1

32f92c618b...ec.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    203s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 18:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32f92c618b7d5da544b9a21e9fb4529bb4c863d5b24e577bbf8b49dfe42a2eec.exe

  • Size

    166KB

  • MD5

    c74da8a3241872fa12afdd488a4f7d2e

  • SHA1

    d220ce49112e985ffc784cf4e6324140756786bd

  • SHA256

    32f92c618b7d5da544b9a21e9fb4529bb4c863d5b24e577bbf8b49dfe42a2eec

  • SHA512

    833f294e0b388eb482e37d9610408aa53f5f71049c1ce591b0d00caf46b1d48eb53ac006467094d2451752e3458139befe60705d7f099c9b4f61a3d71fd3d42c

  • SSDEEP

    3072:Q78TC5M81hK+zE9wS9CTSL5mRNA35ObcVt90n2hIR5YC9pH312/P/Q:Q6oD189Ma34bxcuX12/

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32f92c618b7d5da544b9a21e9fb4529bb4c863d5b24e577bbf8b49dfe42a2eec.exe
    "C:\Users\Admin\AppData\Local\Temp\32f92c618b7d5da544b9a21e9fb4529bb4c863d5b24e577bbf8b49dfe42a2eec.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 844
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:4496

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1612-132-0x0000000075100000-0x00000000756B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1612-134-0x0000000075100000-0x00000000756B1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1612-135-0x0000000075100000-0x00000000756B1000-memory.dmp

    Filesize

    5.7MB

    Download