Overview

overview

5

Static

static

bc8e5c04e3...71.exe

windows7-x64

5

bc8e5c04e3...71.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    274s
  • max time network
    367s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc8e5c04e3b6c2933c055e7a3fc1bc312fbade78dc210b782195af1c6df64271.exe

  • Size

    38KB

  • MD5

    5c0d1cc5a7033e98a7993f2c80b12d09

  • SHA1

    defcc91dbcb74856873e725494c1f64b538fa4ac

  • SHA256

    bc8e5c04e3b6c2933c055e7a3fc1bc312fbade78dc210b782195af1c6df64271

  • SHA512

    f87adfc26883bc420e041527d18f0129433ad2aa1648e76b5e4b1deb60c28f70da9135d4ce1e40dfa312e51aab0a98ef0c5dceeaa64251b2490234b2b211a42d

  • SSDEEP

    768:88L8LPJ868R878C888Q8E8m8E8d7/LNDyYgxJHlyf5RPEsw3EbHpsva5wRwUV5n:8bTJzqIfhbp1pG7/LpgxJFO5v8qqRwy9

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1264
      • C:\Users\Admin\AppData\Local\Temp\bc8e5c04e3b6c2933c055e7a3fc1bc312fbade78dc210b782195af1c6df64271.exe
        "C:\Users\Admin\AppData\Local\Temp\bc8e5c04e3b6c2933c055e7a3fc1bc312fbade78dc210b782195af1c6df64271.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:516
        • \??\c:\users\admin\appdata\local\temp\bc8e5c04e3b6c2933c055e7a3fc1bc312fbade78dc210b782195af1c6df64271.exe
          "c:\users\admin\appdata\local\temp\bc8e5c04e3b6c2933c055e7a3fc1bc312fbade78dc210b782195af1c6df64271.exe"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1856

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/516-54-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1856-55-0x0000000000400000-0x0000000000404000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1856-56-0x0000000000400000-0x0000000000404000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1856-58-0x0000000000400000-0x0000000000404000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1856-59-0x0000000000400000-0x0000000000404000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1856-61-0x0000000000400000-0x0000000000404000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1856-62-0x0000000000400000-0x0000000000404000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1856-65-0x0000000076391000-0x0000000076393000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1856-66-0x0000000000400000-0x0000000000404000-memory.dmp

      Filesize

      16KB

      Download