Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2022 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    378KB

  • MD5

    ad1f17a6b09d7d022e370c78e10550e5

  • SHA1

    5bc3a8a8de366b33c334588774d93a340cf68311

  • SHA256

    30e81baef6d0ba690bfc1854fee2ec1dcfbe86cee247b96e5e11d1be19fbb8a4

  • SHA512

    dca9b03168c16dcdf0e1e9f52a46a12d989de4aa1fe003fa34c12514bd9a908e6943909ca4d9108e0ce951a116698f926f84cbbe9d987b3ca1278dd805303ee2

  • SSDEEP

    6144:aLYJXDOlMe9pU83/FvxHszz0ZXbipHJV6WjD04aXOA7900/8oCbvHk5o:aEJzOL9rvxMzAZmNJZU4RqCuGs

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4476
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 1272
      2⤵
      • Program crash
      PID:3192
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4476 -ip 4476
    1⤵
      PID:3660

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4476-132-0x000000000059B000-0x00000000005D1000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4476-134-0x0000000004DB0000-0x0000000005354000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4476-133-0x00000000008E0000-0x0000000000939000-memory.dmp

      Filesize

      356KB

      Download

    • memory/4476-135-0x0000000000400000-0x0000000000484000-memory.dmp

      Filesize

      528KB

      Download

    • memory/4476-136-0x0000000005360000-0x0000000005978000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4476-137-0x0000000004C90000-0x0000000004CA2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4476-138-0x0000000005980000-0x0000000005A8A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4476-139-0x0000000004CB0000-0x0000000004CEC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4476-140-0x0000000005CB0000-0x0000000005D42000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4476-141-0x0000000005D50000-0x0000000005DB6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4476-142-0x0000000006430000-0x00000000064A6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4476-143-0x00000000064F0000-0x000000000650E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4476-144-0x00000000065B0000-0x0000000006772000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4476-145-0x0000000006790000-0x0000000006CBC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4476-146-0x000000000059B000-0x00000000005D1000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4476-147-0x0000000000400000-0x0000000000484000-memory.dmp

      Filesize

      528KB

      Download