Overview

overview

10

Static

static

10

enc.exe

windows7-x64

1

enc.exe

windows10-2004-x64

1

Resubmissions

07-02-2023 19:55

230207-yngtaafd73 10

07-02-2023 18:36

230207-w9awradb82 10

07-02-2023 18:33

230207-w67rbagd6w 10

07-02-2023 18:22

230207-wz1pesgd3v 10

06-02-2023 08:47

230206-kp6bdagc2s 10

05-02-2023 06:30

230205-g9r3psbg2y 10

05-02-2023 05:12

230205-fwa2labf3w 10

Analysis

  • max time kernel
    74s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07-02-2023 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    enc.exe

  • Size

    7.0MB

  • MD5

    2c3fd1791655c8e7c0f593bb73c405ab

  • SHA1

    dc872a099c9639dd0f892493af332581b4cb3945

  • SHA256

    cf999aff9bd0eff93c30faaf278035f58ccf70d690b54b2ddff8461b846008f2

  • SHA512

    8fee2d35e0eb72d4ca0b1d7e72be2c7909cb92e33b7410b6ec7db6eeae0044d35ce6829610ed46a8207356f1e868dcbfd4d26b1b2ea9f0d458e168a5f1589f7d

  • SSDEEP

    98304:bAQQU9TWEdwOY7jhM28X5dq8Lk1BssJJmk3os1hV:bAQQU4Mw37jhUX5KAsJJmcoeL

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\enc.exe
    "C:\Users\Admin\AppData\Local\Temp\enc.exe"
    1⤵
      PID:1996
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1568
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x510
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1508
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1332
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1380

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1380-58-0x000007FEF3380000-0x000007FEF3DA3000-memory.dmp

        Filesize

        10.1MB

        Download

      • memory/1380-59-0x000007FEF2760000-0x000007FEF32BD000-memory.dmp

        Filesize

        11.4MB

        Download

      • memory/1380-61-0x00000000025D4000-0x00000000025D7000-memory.dmp

        Filesize

        12KB

        Download

      • memory/1380-60-0x000000001B7B0000-0x000000001BAAF000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/1380-62-0x00000000025DB000-0x00000000025FA000-memory.dmp

        Filesize

        124KB

        Download

      • memory/1380-63-0x00000000025D4000-0x00000000025D7000-memory.dmp

        Filesize

        12KB

        Download

      • memory/1380-64-0x00000000025DB000-0x00000000025FA000-memory.dmp

        Filesize

        124KB

        Download

      • memory/1568-55-0x000007FEFB831000-0x000007FEFB833000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1996-54-0x0000000076031000-0x0000000076033000-memory.dmp

        Filesize

        8KB

        Download