Analysis

  • max time kernel
    112s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/12/2022, 13:35

General

  • Target

    789ec146c32588a5f6731a15dc7d31fc561a538d681ddce2fcc5e85fc4379906.exe

  • Size

    743KB

  • MD5

    2d4c94437e86dfec25eeb776294c9e5e

  • SHA1

    b02fc9e6a2c20dd3d8230e9ddb17020b4c9ad75b

  • SHA256

    789ec146c32588a5f6731a15dc7d31fc561a538d681ddce2fcc5e85fc4379906

  • SHA512

    17f42e952fa7e337bb8e4071bde87b7ae6240b848ad4462c0c932d09c66f98054e439fe47042ba2fdc67697988cfd14300cd8d88abedffbf06f562dd276dfa61

  • SSDEEP

    12288:ERyTSktU4g/n/t0EW5A0zyYvJwQ5oAlK+GE4vebIk6bQQ52LgRg08y5HpnPzy:oStU4gf2EW5A2DJr/kS4vGIk6v3Hb

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\789ec146c32588a5f6731a15dc7d31fc561a538d681ddce2fcc5e85fc4379906.exe
    "C:\Users\Admin\AppData\Local\Temp\789ec146c32588a5f6731a15dc7d31fc561a538d681ddce2fcc5e85fc4379906.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4204
  • C:\Windows\Hacker.com.cn.exe
    C:\Windows\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:4828

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Windows\Hacker.com.cn.exe

            Filesize

            743KB

            MD5

            2d4c94437e86dfec25eeb776294c9e5e

            SHA1

            b02fc9e6a2c20dd3d8230e9ddb17020b4c9ad75b

            SHA256

            789ec146c32588a5f6731a15dc7d31fc561a538d681ddce2fcc5e85fc4379906

            SHA512

            17f42e952fa7e337bb8e4071bde87b7ae6240b848ad4462c0c932d09c66f98054e439fe47042ba2fdc67697988cfd14300cd8d88abedffbf06f562dd276dfa61