Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    21/01/2023, 20:56

General

  • Target

    Screenshot Map.exe

  • Size

    293KB

  • MD5

    0b916c1bb37ac75ef96d827e662a164c

  • SHA1

    05c06be84c9f61c123e1c35e2004e15c05b5f28a

  • SHA256

    ee8ae89f2f8a6e6804c3772181a889ec77fce227a31b12d9a409259f86b48702

  • SHA512

    54f32e9a9435340cd0a3fc6e28c1637e15a6c261d87d19317cf7b4fe01efbabdad2c848b68f9b35cf2000a0a2a9e0037e160604b29be49538499160c9ef8c754

  • SSDEEP

    6144:8G/M39DFekGOj/+HgS0P4mKHMN5/B4FL:zMdwkvS0PLKHM7qZ

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Screenshot Map.exe
    "C:\Users\Admin\AppData\Local\Temp\Screenshot Map.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1764-54-0x00000000009D0000-0x0000000000A20000-memory.dmp

    Filesize

    320KB

  • memory/1764-55-0x0000000075E81000-0x0000000075E83000-memory.dmp

    Filesize

    8KB

  • memory/2024-58-0x0000000073BB0000-0x000000007415B000-memory.dmp

    Filesize

    5.7MB

  • memory/2024-59-0x0000000073BB0000-0x000000007415B000-memory.dmp

    Filesize

    5.7MB