Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2023 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    412KB

  • MD5

    9d474e882070d6e8abfb93feea4b166b

  • SHA1

    aed23213a9dead4c664d36c8f8e362e181227cee

  • SHA256

    7a344738b372be940d83d245d424a8c574dea070532d756f40fb428eaa5e593c

  • SHA512

    bd56b3ad8f466af97c8bf9f482b2ab37211c5a4f701cf5036e417cb885c3dde2497560e8714ae906ff596045e53b07311a390d77ba205eb180fe76807adede18

  • SSDEEP

    12288:1tzvG5um9OHi1YJpJDjQcUmCLoVx6bX8o:11G5umlYJpJAcURof

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4940
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 1268
      2⤵
      • Program crash
      PID:1508
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4940 -ip 4940
    1⤵
      PID:3664

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4940-132-0x0000000002E5D000-0x0000000002E93000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4940-133-0x0000000002D60000-0x0000000002DB9000-memory.dmp

      Filesize

      356KB

      Download

    • memory/4940-134-0x0000000000400000-0x0000000002BCF000-memory.dmp

      Filesize

      39.8MB

      Download

    • memory/4940-135-0x00000000073B0000-0x0000000007954000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4940-136-0x0000000007960000-0x0000000007F78000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4940-137-0x0000000007FB0000-0x0000000007FC2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4940-138-0x0000000007FD0000-0x00000000080DA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4940-139-0x00000000080E0000-0x000000000811C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4940-140-0x00000000083F0000-0x0000000008482000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4940-141-0x0000000008490000-0x00000000084F6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4940-142-0x0000000008DC0000-0x0000000008E36000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4940-143-0x0000000008E70000-0x0000000008E8E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4940-144-0x0000000008F30000-0x00000000090F2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4940-145-0x0000000009110000-0x000000000963C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4940-146-0x0000000002E5D000-0x0000000002E93000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4940-147-0x0000000000400000-0x0000000002BCF000-memory.dmp

      Filesize

      39.8MB

      Download