Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    61s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2023 12:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    432KB

  • MD5

    65e8c4943b29a4b7831c9f3a89732ccc

  • SHA1

    f738c9777c6e7a950aca0fd709b03f558ed3f350

  • SHA256

    d90f90ea2d06335f007b946cde0ddf5a35d33607c6286b7b506c33ceaceb6613

  • SHA512

    fd0451036a471b9b9ead516cc1f85dc96c72612fee6fed69c20454c0ea609a788f7ca1d21f6c0760b532b41c15ac6c9bea95d5824fd9b3279919a51691cf4729

  • SSDEEP

    12288:FTdm2/bVNaY4eU6Idgh6aWvE8A9cZKAhE7:FTdm2RNaTAIdRvjAkbE

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 1264
      2⤵
      • Program crash
      PID:2452
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 860 -ip 860
    1⤵
      PID:4596

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/860-132-0x0000000002CBD000-0x0000000002CF4000-memory.dmp

      Filesize

      220KB

      Download

    • memory/860-133-0x0000000004910000-0x0000000004969000-memory.dmp

      Filesize

      356KB

      Download

    • memory/860-134-0x00000000073A0000-0x0000000007944000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/860-135-0x0000000000400000-0x0000000002BD4000-memory.dmp

      Filesize

      39.8MB

      Download

    • memory/860-136-0x0000000007950000-0x0000000007F68000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/860-137-0x0000000007FC0000-0x0000000007FD2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/860-138-0x0000000007FE0000-0x00000000080EA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/860-139-0x00000000080F0000-0x000000000812C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/860-140-0x0000000002CBD000-0x0000000002CF4000-memory.dmp

      Filesize

      220KB

      Download

    • memory/860-141-0x0000000008550000-0x00000000085B6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/860-142-0x0000000008C10000-0x0000000008CA2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/860-143-0x0000000008CE0000-0x0000000008EA2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/860-144-0x0000000008EC0000-0x00000000093EC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/860-145-0x0000000009600000-0x0000000009676000-memory.dmp

      Filesize

      472KB

      Download

    • memory/860-146-0x00000000096C0000-0x00000000096DE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/860-147-0x0000000000400000-0x0000000002BD4000-memory.dmp

      Filesize

      39.8MB

      Download

    • memory/860-148-0x0000000002CBD000-0x0000000002CF4000-memory.dmp

      Filesize

      220KB

      Download