Analysis

  • max time kernel
    19s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-12-2022 18:33

Errors

Reason
Machine shutdown

General

  • Target

    Scanner.exe

  • Size

    7.4MB

  • MD5

    e2057aaea8e58425a4180d2b905f95d2

  • SHA1

    acb25fa1cad1a550a5cbcaa2be41e90873c039bb

  • SHA256

    39ae018f73b97f159e7a406ea96d1af1e54fe51f5377b6813d4b38ac81c869c6

  • SHA512

    dcf2973e209f88c98fa13727abb2272b38cb329dd0ad87390bcd4a91b70a69718c6ba3859df324fb900a75e839494e96582da8fea259caf574f2ab562ef21c00

  • SSDEEP

    98304:fVvoygIM7g0yNGu80jgCrME+j8obDdKauZ+ngSqd:9vo7g/o0/ME+QobUauZYgrd

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Scanner.exe
    "C:\Users\Admin\AppData\Local\Temp\Scanner.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\Users\Admin\AppData\Local\Temp\Scanner64.exe
      C:\Users\Admin\AppData\Local\Temp\Scanner64.exe
      2⤵
      • Executes dropped EXE
      PID:2004
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:1560
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x570
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1172
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:324

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Scanner64.exe

    Filesize

    4.2MB

    MD5

    1bab36b4e9fe3345c1b8ff03209bbd53

    SHA1

    552d75bdc7413acbc880ec785685a0c15d4ce34e

    SHA256

    5fd943c59f2a2f988ba6a740ecc3e0b36e4250d461abaf11808c249d52473f29

    SHA512

    50c24f1d8d720ccd7207fcabc9e21c5c6cece3f627406bf45dc5ecaeb7a4fd2d0e0a89fa0dba615136f1c9b57efe212e1f2964a3b7707e81fbb1f7d51fb5bfb3

  • \Users\Admin\AppData\Local\Temp\Scanner64.exe

    Filesize

    4.2MB

    MD5

    1bab36b4e9fe3345c1b8ff03209bbd53

    SHA1

    552d75bdc7413acbc880ec785685a0c15d4ce34e

    SHA256

    5fd943c59f2a2f988ba6a740ecc3e0b36e4250d461abaf11808c249d52473f29

    SHA512

    50c24f1d8d720ccd7207fcabc9e21c5c6cece3f627406bf45dc5ecaeb7a4fd2d0e0a89fa0dba615136f1c9b57efe212e1f2964a3b7707e81fbb1f7d51fb5bfb3

  • memory/1560-57-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

    Filesize

    8KB

  • memory/2004-55-0x0000000000000000-mapping.dmp