Overview

overview

7

Static

static

fe0a4011a1...75.exe

windows7-x64

7

fe0a4011a1...75.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 22:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe0a4011a18c9eb6af18cbbb0844fe8ea57caeafd71ade407379a34726fd8675.exe

  • Size

    757KB

  • MD5

    79090e73a9e445528d179dbf96a8bb6b

  • SHA1

    85cc483c3eea36f776db885a904ec801f8d7f522

  • SHA256

    fe0a4011a18c9eb6af18cbbb0844fe8ea57caeafd71ade407379a34726fd8675

  • SHA512

    54bef3b957f35d5206f41d72550d5a03737702f36ceefb57a752a467f4be06d8ef89f581028412cca96557074b5d2e66fc84855f27088655900cff2c0b57d766

  • SSDEEP

    12288:EEDCJJDXb8qWvvMyesvleMkWzChpBTfgYvVHcgwSuLwKtT372iy5Lc9:EmQGbvNvjkJPKu+lA675Ma

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe0a4011a18c9eb6af18cbbb0844fe8ea57caeafd71ade407379a34726fd8675.exe
    "C:\Users\Admin\AppData\Local\Temp\fe0a4011a18c9eb6af18cbbb0844fe8ea57caeafd71ade407379a34726fd8675.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\zmi78FD.tmp
    Filesize

    172KB

    MD5

    329c86f855c832ecdcdf0621cd1e34f2

    SHA1

    da1339d51ba6e4e9335915bc39632a417fe0fbe4

    SHA256

    e2eb6d9d836abb942bd52b3a9806439beba130b2a547ac7e9df57bc3919dcefb

    SHA512

    d484b9c2637659f3b1c168598d064fa0a76ab1feab1ba21af548b4577a3343443fe6da7c0230c048ad5a281e21a445f76a180301adcdded91ad8e672506be473

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zmi78FD.tmp
    Filesize

    172KB

    MD5

    329c86f855c832ecdcdf0621cd1e34f2

    SHA1

    da1339d51ba6e4e9335915bc39632a417fe0fbe4

    SHA256

    e2eb6d9d836abb942bd52b3a9806439beba130b2a547ac7e9df57bc3919dcefb

    SHA512

    d484b9c2637659f3b1c168598d064fa0a76ab1feab1ba21af548b4577a3343443fe6da7c0230c048ad5a281e21a445f76a180301adcdded91ad8e672506be473

    Download Submit

  • memory/4736-135-0x0000000000780000-0x00000000007F4000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4736-136-0x0000000000780000-0x00000000007F4000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4736-134-0x0000000000400000-0x00000000004B4000-memory.dmp

    Filesize

    720KB

    Download

  • memory/4736-137-0x0000000000780000-0x00000000007F4000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4736-138-0x0000000000780000-0x00000000007F4000-memory.dmp

    Filesize

    464KB

    Download