Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2023 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    433KB

  • MD5

    5068d34d0dff26e2725ee7818d2c715d

  • SHA1

    9eed22f6414aa83dea47ff75dd131569d0f37d09

  • SHA256

    30c78cd350e0d08cd0199f2705b08cc6eccd0ee4ca21d4b0c58d70e956ab33be

  • SHA512

    da20c44e30e548ba616751f3459191ec47191b030475ed210349c717fc8daca881d29f1d2acf66ad12ab75434a74ef17cde182cec4468e3a2369c9f2f351ce5b

  • SSDEEP

    12288:4rrNTf2siEeORoiqXxpgVWso0j9f+nBQzS:4Hdf2JEegVqXHgVWz0t+nGzS

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2500
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 1244
      2⤵
      • Program crash
      PID:3100
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2500 -ip 2500
    1⤵
      PID:4644

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2500-132-0x0000000002CED000-0x0000000002D23000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2500-133-0x00000000049B0000-0x0000000004A09000-memory.dmp

      Filesize

      356KB

      Download

    • memory/2500-134-0x0000000000400000-0x0000000002C5E000-memory.dmp

      Filesize

      40.4MB

      Download

    • memory/2500-135-0x00000000074E0000-0x0000000007A84000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2500-136-0x0000000007A90000-0x00000000080A8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/2500-137-0x0000000007460000-0x0000000007472000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2500-138-0x00000000080B0000-0x00000000081BA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2500-139-0x0000000007480000-0x00000000074BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2500-140-0x0000000008480000-0x00000000084E6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2500-141-0x0000000008B50000-0x0000000008BE2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2500-142-0x0000000008C00000-0x0000000008C76000-memory.dmp

      Filesize

      472KB

      Download

    • memory/2500-143-0x0000000008CC0000-0x0000000008CDE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/2500-144-0x0000000008D80000-0x0000000008F42000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/2500-145-0x0000000008F60000-0x000000000948C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/2500-146-0x0000000002CED000-0x0000000002D23000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2500-147-0x0000000000400000-0x0000000002C5E000-memory.dmp

      Filesize

      40.4MB

      Download