Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    89s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2022, 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    382KB

  • MD5

    532a3ac59fee56610611cb4da77a946a

  • SHA1

    8b652c638bfe89ed0ecbb4ef43c9167153846c8d

  • SHA256

    f425db30917f82eec0fe948383952e4caf51f79d1638a6393db2f5636b09d08f

  • SHA512

    5df39a67f8f9de651c0f3a43fe34fa24a7fd50ff761481bece7fa5abbbc592f2de9773b9511446fce5a4c26ae714e5a1617d3fdc60ad2f3f25cc0fdc42eb01b7

  • SSDEEP

    6144:YLSDLeHnNTFSqWug1iD7Dp9AyVhDVCyMmECIXrF/WtE1GMjH55+Vl7l:YeDLWFS14DcahDU5mOFetE1djZgX

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3208
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 1568
      2⤵
      • Program crash
      PID:3532
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3208 -ip 3208
    1⤵
      PID:4236

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3208-132-0x00000000007CD000-0x0000000000804000-memory.dmp

      Filesize

      220KB

      Download

    • memory/3208-133-0x0000000002150000-0x00000000021A9000-memory.dmp

      Filesize

      356KB

      Download

    • memory/3208-134-0x0000000000400000-0x0000000000484000-memory.dmp

      Filesize

      528KB

      Download

    • memory/3208-135-0x0000000004C40000-0x00000000051E4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3208-136-0x00000000051F0000-0x0000000005808000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/3208-137-0x0000000004B50000-0x0000000004B62000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3208-138-0x0000000005810000-0x000000000591A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3208-139-0x0000000004B70000-0x0000000004BAC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3208-140-0x0000000005B70000-0x0000000005C02000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3208-141-0x0000000005C10000-0x0000000005C76000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3208-142-0x00000000062F0000-0x0000000006366000-memory.dmp

      Filesize

      472KB

      Download

    • memory/3208-143-0x00000000063B0000-0x00000000063CE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3208-144-0x0000000006470000-0x0000000006632000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3208-145-0x0000000006650000-0x0000000006B7C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/3208-146-0x00000000007CD000-0x0000000000804000-memory.dmp

      Filesize

      220KB

      Download

    • memory/3208-147-0x0000000000400000-0x0000000000484000-memory.dmp

      Filesize

      528KB

      Download