Overview

overview

8

Static

static

9f88fb2e41...87.exe

windows7-x64

8

9f88fb2e41...87.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    318s
  • max time network
    328s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 10:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9f88fb2e4110898d3b320740aabfe8852485e3094ee5f017ec25ea9b71fd4787.exe

  • Size

    99KB

  • MD5

    0beb703005681ecc1af25ed46ff51a6a

  • SHA1

    549bc4b2a67b8dfb9769b6e226cd5e28537b808b

  • SHA256

    9f88fb2e4110898d3b320740aabfe8852485e3094ee5f017ec25ea9b71fd4787

  • SHA512

    10ab6686ad0965693c2490032676592c7d2cf4bd35d1756b1e39f5e4ad8dc356329e2035dee07ca28bebcb138ea068bb34cc97cec3774f178405cc3712b1cf3e

  • SSDEEP

    3072:I60z9FRx5bi3Yj2jNUxKHdEykw0DbCHO+Ma:CPLbi37UxK9dsDbUMa

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of WriteProcessMemory 58 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f88fb2e4110898d3b320740aabfe8852485e3094ee5f017ec25ea9b71fd4787.exe
    "C:\Users\Admin\AppData\Local\Temp\9f88fb2e4110898d3b320740aabfe8852485e3094ee5f017ec25ea9b71fd4787.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3860
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Modifies Installed Components in the registry
      • Drops file in Windows directory
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1428

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\msmjel.exe
          Filesize

          99KB

          MD5

          0beb703005681ecc1af25ed46ff51a6a

          SHA1

          549bc4b2a67b8dfb9769b6e226cd5e28537b808b

          SHA256

          9f88fb2e4110898d3b320740aabfe8852485e3094ee5f017ec25ea9b71fd4787

          SHA512

          10ab6686ad0965693c2490032676592c7d2cf4bd35d1756b1e39f5e4ad8dc356329e2035dee07ca28bebcb138ea068bb34cc97cec3774f178405cc3712b1cf3e

          Download Submit

        • memory/1428-139-0x0000000010410000-0x000000001044A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/1428-141-0x0000000010410000-0x000000001044A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/3860-132-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download

        • memory/3860-135-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download

        • memory/3860-136-0x0000000010410000-0x000000001044A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/3860-140-0x0000000000400000-0x0000000000439000-memory.dmp

          Filesize

          228KB

          Download