Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2023, 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    458KB

  • MD5

    68e892ef20821886a2cd3e8572fde632

  • SHA1

    2ba067d806b05913df4dd32c6606690b7b58f53f

  • SHA256

    6d1de9c86cf49e38d6bbac7f2b1cec4486e70c32435d5069a40ed04847db2a7e

  • SHA512

    1a6e4597024c8daf3ff2a3f9344e5268c8a89151592e3703eb0617871a91493c69eca18742c5854506d93913f97836a819d4625d5e387340ba27bbb3f6074ea9

  • SSDEEP

    12288:GkbWj9iO5e1IrIwBUwZHmcCH3uC696++gb:GYWj9zY0ZUimp3p6r+q

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3312
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 1900
      2⤵
      • Program crash
      PID:628
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 3312 -ip 3312
    1⤵
      PID:208

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3312-132-0x000000000075E000-0x0000000000794000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3312-133-0x0000000002280000-0x00000000022D9000-memory.dmp

      Filesize

      356KB

      Download

    • memory/3312-134-0x0000000000400000-0x0000000000478000-memory.dmp

      Filesize

      480KB

      Download

    • memory/3312-135-0x0000000004D60000-0x0000000005304000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3312-136-0x0000000005310000-0x0000000005928000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/3312-137-0x0000000004C80000-0x0000000004C92000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3312-138-0x0000000005930000-0x0000000005A3A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3312-139-0x0000000004CA0000-0x0000000004CDC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3312-140-0x0000000005CA0000-0x0000000005D32000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3312-141-0x0000000005D40000-0x0000000005DA6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3312-142-0x0000000006570000-0x00000000065E6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/3312-143-0x00000000065F0000-0x000000000660E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3312-144-0x0000000006690000-0x0000000006852000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3312-145-0x0000000006880000-0x0000000006DAC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/3312-146-0x000000000075E000-0x0000000000794000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3312-147-0x000000000075E000-0x0000000000794000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3312-148-0x0000000000400000-0x0000000000478000-memory.dmp

      Filesize

      480KB

      Download