Analysis

  • max time kernel
    31s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-12-2022 18:33

Errors

Reason
Machine shutdown

General

  • Target

    Scanner.exe

  • Size

    7.4MB

  • MD5

    e2057aaea8e58425a4180d2b905f95d2

  • SHA1

    acb25fa1cad1a550a5cbcaa2be41e90873c039bb

  • SHA256

    39ae018f73b97f159e7a406ea96d1af1e54fe51f5377b6813d4b38ac81c869c6

  • SHA512

    dcf2973e209f88c98fa13727abb2272b38cb329dd0ad87390bcd4a91b70a69718c6ba3859df324fb900a75e839494e96582da8fea259caf574f2ab562ef21c00

  • SSDEEP

    98304:fVvoygIM7g0yNGu80jgCrME+j8obDdKauZ+ngSqd:9vo7g/o0/ME+QobUauZYgrd

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies data under HKEY_USERS (15 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Scanner.exe
    "C:\Users\Admin\AppData\Local\Temp\Scanner.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4968
    • C:\Users\Admin\AppData\Local\Temp\Scanner64.exe
      C:\Users\Admin\AppData\Local\Temp\Scanner64.exe
      2⤵
      • Executes dropped EXE
      PID:4188
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3980055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:4932

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\Scanner64.exe

    Filesize

    4.2MB

    MD5

    1bab36b4e9fe3345c1b8ff03209bbd53

    SHA1

    552d75bdc7413acbc880ec785685a0c15d4ce34e

    SHA256

    5fd943c59f2a2f988ba6a740ecc3e0b36e4250d461abaf11808c249d52473f29

    SHA512

    50c24f1d8d720ccd7207fcabc9e21c5c6cece3f627406bf45dc5ecaeb7a4fd2d0e0a89fa0dba615136f1c9b57efe212e1f2964a3b7707e81fbb1f7d51fb5bfb3
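A practitioner working from this report will usually want to confirm that a file in hand is the same sample, or the same dropped file, before trusting the rest of the analysis. The following is an added example for that check (not the report's or the sandbox's own code): it serves both the target hashes under General and the Scanner64.exe hashes under Downloads. REPORT_IOCS is copied from this page; the file path passed to check_sample() is an assumption about where the analyst stored the sample, and SSDEEP is omitted because it needs a third-party library.

```python
"""Verify a local file against the MD5/SHA-1/SHA-256/SHA-512 values this
report lists for Scanner.exe and the dropped Scanner64.exe.

Added example, not part of the report or the sandbox's tooling. REPORT_IOCS is
copied from the report; the path given to check_sample() is an assumption.
"""
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hashes exactly as printed in the report.
REPORT_IOCS = {
    "Scanner.exe": {
        "md5": "e2057aaea8e58425a4180d2b905f95d2",
        "sha1": "acb25fa1cad1a550a5cbcaa2be41e90873c039bb",
        "sha256": "39ae018f73b97f159e7a406ea96d1af1e54fe51f5377b6813d4b38ac81c869c6",
        "sha512": "dcf2973e209f88c98fa13727abb2272b38cb329dd0ad87390bcd4a91b70a69718c6ba3859df324fb900a75e839494e96582da8fea259caf574f2ab562ef21c00",
    },
    "Scanner64.exe": {
        "md5": "1bab36b4e9fe3345c1b8ff03209bbd53",
        "sha1": "552d75bdc7413acbc880ec785685a0c15d4ce34e",
        "sha256": "5fd943c59f2a2f988ba6a740ecc3e0b36e4250d461abaf11808c249d52473f29",
        "sha512": "50c24f1d8d720ccd7207fcabc9e21c5c6cece3f627406bf45dc5ecaeb7a4fd2d0e0a89fa0dba615136f1c9b57efe212e1f2964a3b7707e81fbb1f7d51fb5bfb3",
    },
}


def digest_bytes(data):
    """All four digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path, chunk_size=1 << 20):
    """Same digests for a file, streamed so a large sample is hashed in one pass
    without being read fully into memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests, iocs=REPORT_IOCS):
    """Compare computed digests with every IoC entry.

    'matched' names an entry only when every digest it lists agrees. A partial
    agreement (say MD5 matches but SHA-256 does not) is reported under
    'partial' instead of being counted as a hit: MD5 and SHA-1 are
    collision-prone, so the decision should rest on SHA-256/SHA-512.
    """
    result = {"matched": None, "partial": {}}
    for name, expected in iocs.items():
        listed = [alg for alg in ALGORITHMS if alg in expected]
        agreeing = [alg for alg in listed
                    if digests.get(alg, "").lower() == expected[alg].lower()]
        if listed and len(agreeing) == len(listed):
            result["matched"] = name
        elif agreeing:
            result["partial"][name] = agreeing
    return result


def check_sample(path, iocs=REPORT_IOCS):
    """Hash the file at `path` (assumed analyst-supplied) and match it."""
    return match_digests(digest_file(path), iocs)


if __name__ == "__main__":
    import sys
    print(check_sample(sys.argv[1]))
```

Run it as `python check.py /path/to/sample` (path is your own). A result with `matched` set to None but a non-empty `partial` means the file agrees with the report on some digests only; treat that as a different file, or as a reason to re-examine the source of the weaker hash, not as confirmation.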