Analysis

  • max time kernel
    30s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    21/01/2023, 16:52

General

  • Target

    Screenshot Map/Screenshot Map.exe

  • Size

    604.7MB

  • MD5

    ba1d3d2b21dec1e014e2eeb53960bc0d

  • SHA1

    b18975b765c1eec576da7e9318295a0c5ac10633

  • SHA256

    e5de228ce392a919b67059c57da866670d14ac05540f7e4be112289af6c4e10d

  • SHA512

    0d4a955bdcab1f88cffb0138b645568aee97ea0bf0de1a61fb3442e0aa02ddc021605b70fb51b5d235fda448e85dd89101973b3d5eac2b91f4d03acc2a54ec2d

  • SSDEEP

    12288:zMdwkvS0PLKHM7qZX1I5OrfQyEMPmT2rgRpA03+M4wKiTCIwEY7tRSGdg9obgP9s:QdwkvtlWZX1OWe1q

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Screenshot Map\Screenshot Map.exe
    "C:\Users\Admin\AppData\Local\Temp\Screenshot Map\Screenshot Map.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/984-58-0x00000000744F0000-0x0000000074A9B000-memory.dmp

    Filesize

    5.7MB

  • memory/984-59-0x00000000744F0000-0x0000000074A9B000-memory.dmp

    Filesize

    5.7MB

  • memory/1516-54-0x0000000000CC0000-0x0000000000D10000-memory.dmp

    Filesize

    320KB

  • memory/1516-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

    Filesize

    8KB