Overview

overview

10

Static

static

0b17d9f975...93.exe

windows7-x64

10

0b17d9f975...93.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    94s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-12-2022 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b17d9f9755d73cf32a0c5830a416593.exe

  • Size

    382KB

  • MD5

    0b17d9f9755d73cf32a0c5830a416593

  • SHA1

    1c90213d38741e29e295e9e23b5700c701232f40

  • SHA256

    ec2e95face0cd1b7eba04512d1dc99faf0e06f52daf5687664ad78e1eef6d43e

  • SHA512

    1c7b556fece20fae1a2820b2a7a1898718330e40939825d2d6701db10fcdc0af81067b1387e4ddf8333bb2151b2089e562ed43f234c8cd580246e68c2ed68e34

  • SSDEEP

    6144:G8Wga0LXOzQXl+6ZzIZWRo+p9YfgOBY01SDb6XJ6HYhwaWyN8NOg2OKsyrKzosYg:G8tj0Y5hIZWa7Y2wsEYhwVyN8ObKzosz

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b17d9f9755d73cf32a0c5830a416593.exe
    "C:\Users\Admin\AppData\Local\Temp\0b17d9f9755d73cf32a0c5830a416593.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4252
    • C:\Users\Admin\AppData\Local\Temp\0b17d9f9755d73cf32a0c5830a416593.exe
      C:\Users\Admin\AppData\Local\Temp\0b17d9f9755d73cf32a0c5830a416593.exe
      2⤵
        PID:2156
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 80
          3⤵
          • Program crash
          PID:2716
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2156 -ip 2156
      1⤵
        PID:3528

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2156-136-0x0000000000000000-mapping.dmp

        Download

      • memory/4252-132-0x0000000000BF0000-0x0000000000C58000-memory.dmp

        Filesize

        416KB

        Download

      • memory/4252-133-0x000000000E2B0000-0x000000000E34C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/4252-134-0x000000000E900000-0x000000000EEA4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4252-135-0x000000000E350000-0x000000000E3E2000-memory.dmp

        Filesize

        584KB

        Download