6cc0505bc3d39f9806d605ba115dd302da1f485554ec44c9c96286f5ea34d909

Analysis

max time kernel
50s
max time network
67s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
05-02-2023 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Srenshare tool/Tools/UserAssistView.exe
Size

30KB
MD5

f36530f46a34516be38521ee9a134d28
SHA1

47f0553e0a0febbef59fd9a32149497bbdd5229c
SHA256

bc11c4150bbc6f8b2cf7bc96bedbb183c61d53ab8e4052b15d58bad6b6d1befa
SHA512

5c1a1282ffc25409d0044770c80e92f7a89fb40567dbb24f64f46750083bb30b842a63ef58b8b9433fa5a5903a5aa7bf71ee941709365c6bc17a9f4d85b1ad5d
SSDEEP

384:IecsPHRggjhCnMgZas8+oAEqPm63AovtX625wWMPODVDSt/U/BEUxhUp5Erzrbqu:HhCWSrPlX62arODxS1U/Br9nrbqUo

Score

9^/10

upx

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource	yara_rule
behavioral13/memory/2388-164-0x0000000000400000-0x0000000000416000-memory.dmp	Nirsoft

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral13/memory/2388-129-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral13/memory/2388-164-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

UserAssistView.exe

pid process

2388 UserAssistView.exe

pid	process
2388	UserAssistView.exe

C:\Users\Admin\AppData\Local\Temp\Srenshare tool\Tools\UserAssistView.exe
"C:\Users\Admin\AppData\Local\Temp\Srenshare tool\Tools\UserAssistView.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2388-120-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-121-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-122-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-123-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-124-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-125-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-126-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-127-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-128-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-129-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2388-130-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-131-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-133-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-132-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-134-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-135-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-136-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-138-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-137-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-139-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-140-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-142-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-141-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-144-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-143-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-145-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-147-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-146-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-149-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-148-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-151-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-150-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-152-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-153-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-155-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-154-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-156-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-157-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-158-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-159-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-161-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-162-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-163-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-160-0x0000000077330000-0x00000000774BE000-memory.dmp

Filesize
1.6MB

Download
memory/2388-164-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download