Overview

overview

8

Static

static

5f4562121e...71.exe

windows7-x64

8

5f4562121e...71.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f4562121e2afd6f31a24963edf98560583809d62a13d24125d136a92fbe1971.exe

  • Size

    1000KB

  • MD5

    16c9ea0b4a15e31447f99509f3668835

  • SHA1

    e32c8d1f25fe9b03e6f2def772a31761f8fdedc9

  • SHA256

    5f4562121e2afd6f31a24963edf98560583809d62a13d24125d136a92fbe1971

  • SHA512

    671fcfc41240d5def973406d03fc6da339b9af9fd9d460a7ba4f8b28134cfa8f13a7b9dd31b4ac7506ba3dc99c90bbd4df4bfd3a5a1010fd9bd9d4d81b61a645

  • SSDEEP

    12288:agitGs0IsFqnezEDCJJDXb8qWvvMyesvleMkWzChpBTfgYvVHcgwSuLfKtTA:fitV0IsFKezmQGbvNvjkJPKu+lv1

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f4562121e2afd6f31a24963edf98560583809d62a13d24125d136a92fbe1971.exe
    "C:\Users\Admin\AppData\Local\Temp\5f4562121e2afd6f31a24963edf98560583809d62a13d24125d136a92fbe1971.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Users\Admin\AppData\Local\Temp\~GMFBF9.exe
      "C:\Users\Admin\AppData\Local\Temp\~GMFBF9.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~GMFBF9.exe
    Filesize

    690KB

    MD5

    e5d1b531ec6df14d8e8e5831442b8b12

    SHA1

    bc59eb336dcfbf04c8abe3d8090e3fae9f0957ec

    SHA256

    9c2ba8fd45f4d9ce8b94cc3a016e2cdf1870a34bce530c2ce4e542bf7817e93d

    SHA512

    0647e71e8841d3fe5d1e80dc4bc563df664e989b1efc455aaa4cc39a39e48f551927e0f6275d927091c1ca9a0ea1f1881eac9989221f7546f1ea3a0ba1629a8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~GMFBF9.exe
    Filesize

    690KB

    MD5

    e5d1b531ec6df14d8e8e5831442b8b12

    SHA1

    bc59eb336dcfbf04c8abe3d8090e3fae9f0957ec

    SHA256

    9c2ba8fd45f4d9ce8b94cc3a016e2cdf1870a34bce530c2ce4e542bf7817e93d

    SHA512

    0647e71e8841d3fe5d1e80dc4bc563df664e989b1efc455aaa4cc39a39e48f551927e0f6275d927091c1ca9a0ea1f1881eac9989221f7546f1ea3a0ba1629a8f

    Download Submit