Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2023, 01:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    391KB

  • MD5

    088d120a515e7daa4d194c262a6a25ff

  • SHA1

    cad8d0fec4916ece3a7dfddadaa382b587d3e283

  • SHA256

    3e0b83a0a45d40edd09dd96ec620bdec59b2b84eb90eec31c139f0bf21e17fb8

  • SHA512

    7a1dc8e17148bea7205a2d4bbf13d718081c956e83081595f4d9508f563eddcf733247f3803ccd3149c1e2bbc0acd75e2d3a9d2a6f3bcbf618c5cfcfd3d76d86

  • SSDEEP

    6144:vzL4sz++UebUy9NwaME5QcgtHlkYR903mbJ9sZY:vzssz+zebjNKvcumYR95t9

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 1860
      2⤵
      • Program crash
      PID:1932
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3124 -ip 3124
    1⤵
      PID:2472

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3124-132-0x000000000051D000-0x0000000000553000-memory.dmp

            Filesize

            216KB

            Download

          • memory/3124-133-0x00000000021C0000-0x0000000002219000-memory.dmp

            Filesize

            356KB

            Download

          • memory/3124-134-0x0000000000400000-0x000000000047F000-memory.dmp

            Filesize

            508KB

            Download

          • memory/3124-135-0x0000000004D90000-0x0000000005334000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/3124-136-0x0000000005340000-0x0000000005958000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/3124-137-0x0000000004C80000-0x0000000004C92000-memory.dmp

            Filesize

            72KB

            Download

          • memory/3124-138-0x0000000005960000-0x0000000005A6A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3124-139-0x0000000004CA0000-0x0000000004CDC000-memory.dmp

            Filesize

            240KB

            Download

          • memory/3124-140-0x0000000005CA0000-0x0000000005D32000-memory.dmp

            Filesize

            584KB

            Download

          • memory/3124-141-0x0000000005D40000-0x0000000005DA6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/3124-142-0x0000000006530000-0x00000000065A6000-memory.dmp

            Filesize

            472KB

            Download

          • memory/3124-143-0x00000000065E0000-0x00000000065FE000-memory.dmp

            Filesize

            120KB

            Download

          • memory/3124-144-0x00000000066A0000-0x0000000006862000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3124-145-0x0000000006880000-0x0000000006DAC000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/3124-146-0x0000000000400000-0x000000000047F000-memory.dmp

            Filesize

            508KB

            Download