Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    66s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2023, 22:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    364KB

  • MD5

    df11f2738576995cb208cdb6978c3f96

  • SHA1

    a153081c662724fe1084141f1e4bba70f6758dd8

  • SHA256

    1f91d3494b152ceab10e60f35d58d976c4456f3e8733657f2c6195aad4149ff2

  • SHA512

    9ceab39bb4bfabd2a603dfad20acc14d696b76d7098afabd443722e97be6b021698aa9d1892017892b182ad4e9db6c4d78a6c1e85383cdf7caa104feb06abe05

  • SSDEEP

    6144:xw/L4Uwvl8r7YpzYVIzV4nlexnemTZ64yqqoEA74uD6O7gWIOu3:y/cUwvl8r7YJPzV4n0neyyfuDoWIOs

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 1256
      2⤵
      • Program crash
      PID:4280
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5100 -ip 5100
    1⤵
      PID:4824

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/5100-132-0x0000000002D69000-0x0000000002D9F000-memory.dmp

      Filesize

      216KB

      Download

    • memory/5100-133-0x00000000047F0000-0x0000000004849000-memory.dmp

      Filesize

      356KB

      Download

    • memory/5100-134-0x00000000074B0000-0x0000000007A54000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/5100-135-0x0000000000400000-0x0000000002BC3000-memory.dmp

      Filesize

      39.8MB

      Download

    • memory/5100-136-0x0000000007A60000-0x0000000008078000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/5100-137-0x00000000073D0000-0x00000000073E2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/5100-138-0x0000000008080000-0x000000000818A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/5100-139-0x00000000073F0000-0x000000000742C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/5100-140-0x00000000083F0000-0x0000000008482000-memory.dmp

      Filesize

      584KB

      Download

    • memory/5100-141-0x0000000008490000-0x00000000084F6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/5100-142-0x0000000008C70000-0x0000000008CE6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/5100-143-0x0000000008D30000-0x0000000008D4E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/5100-144-0x0000000008DF0000-0x0000000008FB2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/5100-145-0x0000000008FD0000-0x00000000094FC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/5100-146-0x0000000002D69000-0x0000000002D9F000-memory.dmp

      Filesize

      216KB

      Download

    • memory/5100-147-0x0000000000400000-0x0000000002BC3000-memory.dmp

      Filesize

      39.8MB

      Download