Overview

overview

10

Static

static

Booking_026xls.exe

windows7-x64

1

Booking_026xls.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2023, 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Booking_026xls.exe

  • Size

    762KB

  • MD5

    a585978049b92aae727e1194e57fe33b

  • SHA1

    fe4d4fa0fee1d7659a51bf7bc4cdb9eff1c8a091

  • SHA256

    bcb56d0fe856303e717cc5063013acebff9df5645629472ab2600248a604d0b9

  • SHA512

    de4f9a3c748ba8b82fb4cb2fa5f816317dc68aa632de26304d708037b9a1c65a55c5125b84ce42b5200438103ab3066f50064ba24c9c089c61f59ba0bcae1a18

  • SSDEEP

    12288:rzSgbiZU6XgScm6mTGL0YEW+VxEPW0jNM8WUFJVbqaT5SomZn0ZaHJBq6Tc9Vo:HSPXgVSTGLZEW+VyM8vb95bn8w

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Booking_026xls.exe
    "C:\Users\Admin\AppData\Local\Temp\Booking_026xls.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Users\Admin\AppData\Local\Temp\Booking_026xls.exe
      "{path}"
      2⤵
        PID:1684
      • C:\Users\Admin\AppData\Local\Temp\Booking_026xls.exe
        "{path}"
        2⤵
          PID:1680
        • C:\Users\Admin\AppData\Local\Temp\Booking_026xls.exe
          "{path}"
          2⤵
            PID:1528
          • C:\Users\Admin\AppData\Local\Temp\Booking_026xls.exe
            "{path}"
            2⤵
              PID:1664
            • C:\Users\Admin\AppData\Local\Temp\Booking_026xls.exe
              "{path}"
              2⤵
                PID:1572

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1404-54-0x00000000003B0000-0x0000000000474000-memory.dmp

              Filesize

              784KB

              Download

            • memory/1404-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1404-56-0x0000000000490000-0x000000000049E000-memory.dmp

              Filesize

              56KB

              Download

            • memory/1404-57-0x0000000005700000-0x0000000005786000-memory.dmp

              Filesize

              536KB

              Download

            • memory/1404-58-0x0000000004E10000-0x0000000004E6A000-memory.dmp

              Filesize

              360KB

              Download