Overview

overview

10

Static

static

512aede099...f9.exe

windows7-x64

1

512aede099...f9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    08-12-2022 01:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe

  • Size

    1.1MB

  • MD5

    1390949b5e724b10db6b15b9b564510c

  • SHA1

    f39222bfc33e3b726c950c923180b2257b58acd4

  • SHA256

    512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9

  • SHA512

    65aff732ed49107091794d512055e93cc8b1d59a3f09ece5db41e47bc372f9e11234ea02d890906615ecd3cc6c334e2160d602c997b5c377dbb44694082cfc0a

  • SSDEEP

    12288:tsuAo+41hw4e/ehLrzXz8nmkAk6zcpB4+B/RjMWp+aC203fjrDq0DeJZB0BeumF:WL4LJzOmFk71Xjozn37rDqr2Qum2d4

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
    "C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
      "C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe"
      2⤵
        PID:584
      • C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
        "C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe"
        2⤵
          PID:520
        • C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
          "C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe"
          2⤵
            PID:708
          • C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
            "C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe"
            2⤵
              PID:1288
            • C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe
              "C:\Users\Admin\AppData\Local\Temp\512aede0998ef6bd1e7fdacd978081806d4f4d3d7a7136e2945803e197ceccf9.exe"
              2⤵
                PID:544

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/820-54-0x00000000003A0000-0x00000000004C2000-memory.dmp
              Filesize

              1.1MB

              Download
            • memory/820-55-0x0000000075591000-0x0000000075593000-memory.dmp
              Filesize

              8KB

              Download
            • memory/820-56-0x00000000004D0000-0x00000000004EA000-memory.dmp
              Filesize

              104KB

              Download
            • memory/820-57-0x00000000007B0000-0x00000000007BC000-memory.dmp
              Filesize

              48KB

              Download
            • memory/820-58-0x0000000005970000-0x0000000005A04000-memory.dmp
              Filesize

              592KB

              Download
            • memory/820-59-0x0000000004CF0000-0x0000000004D2A000-memory.dmp
              Filesize

              232KB

              Download