Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    64s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2023, 03:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    499KB

  • MD5

    31df3a66ded53d3c64a930004e15308f

  • SHA1

    1e52545e0d9e3b1fd6069abcdf587a796d6f8c65

  • SHA256

    88ad35575a8679da7c4dcb0b0fa4db1b22322b6f568c2319d039c998accbf08c

  • SHA512

    bc3970b4bd66508cdb104da474c298dd493c82a10f6242c565b95332f548feadcac93d7da0c5b38c3fb44c983ae3430bf07d8f5dd432261959019e8a6baded00

  • SSDEEP

    12288:z06dZho+BTObrrAx+5V3EDPAyxfVcwOB:zDZ1TK/5VEDP3xtcwO

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4664
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1860
      2⤵
      • Program crash
      PID:2916
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4664 -ip 4664
    1⤵
      PID:3248

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4664-132-0x0000000002E1D000-0x0000000002E54000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4664-133-0x00000000074E0000-0x0000000007A84000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4664-134-0x00000000049A0000-0x00000000049F9000-memory.dmp

      Filesize

      356KB

      Download

    • memory/4664-135-0x0000000000400000-0x0000000002C6F000-memory.dmp

      Filesize

      40.4MB

      Download

    • memory/4664-136-0x0000000007A90000-0x00000000080A8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4664-137-0x0000000007470000-0x0000000007482000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4664-138-0x00000000080B0000-0x00000000081BA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4664-139-0x0000000007490000-0x00000000074CC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4664-140-0x0000000008490000-0x0000000008522000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4664-141-0x0000000008530000-0x0000000008596000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4664-142-0x0000000008D50000-0x0000000008DC6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4664-143-0x0000000008E10000-0x0000000008E2E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4664-144-0x0000000008ED0000-0x0000000009092000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4664-145-0x00000000090B0000-0x00000000095DC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4664-146-0x0000000002E1D000-0x0000000002E54000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4664-147-0x0000000000400000-0x0000000002C6F000-memory.dmp

      Filesize

      40.4MB

      Download