Overview

overview

8

Static

static

1

PI160256.exe

windows7-x64

8

PI160256.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/03/2023, 18:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    PI160256.exe

  • Size

    1.1MB

  • MD5

    52c391a4d3224a3bed92f831d4e1236a

  • SHA1

    0ddf484664dacb98fa7e7b7aca6cdcb31b4b3216

  • SHA256

    7fd5172067f790c21d11dc37987f04bbe9e4c04038074b788ac79bcc83c06f1a

  • SHA512

    c40e3a404799b24edf124fbae410baca2e6f81a25b2cdc36f53c0c212be3caad9b5f8afe9f55374e4234dcff577156ab19bb7a7deba0873ccbcc0f70d604748e

  • SSDEEP

    24576:1MWfSukGK9fNqt4NaYgHvOznGVPKl4OMODDf2+:GUSn5Nqtyg23Hf/

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3188
    • C:\Users\Admin\AppData\Local\Temp\PI160256.exe
      "C:\Users\Admin\AppData\Local\Temp\PI160256.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
        3⤵
          PID:3408
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
          3⤵
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          PID:2948
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\SysWOW64\msiexec.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1260
        • C:\Program Files\Mozilla Firefox\Firefox.exe
          "C:\Program Files\Mozilla Firefox\Firefox.exe"
          3⤵
            PID:640
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 640 -s 128
              4⤵
              • Program crash
              PID:2304
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -pss -s 440 -p 640 -ip 640
        1⤵
          PID:2660

        Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/1260-147-0x0000000000F70000-0x0000000000F82000-memory.dmp

                Filesize

                72KB

                Download

              • memory/1260-154-0x0000000002DA0000-0x0000000002E2F000-memory.dmp

                Filesize

                572KB

                Download

              • memory/1260-153-0x0000000002F40000-0x000000000328A000-memory.dmp

                Filesize

                3.3MB

                Download

              • memory/1260-152-0x0000000000F70000-0x0000000000F82000-memory.dmp

                Filesize

                72KB

                Download

              • memory/1260-151-0x0000000000E60000-0x0000000000E8D000-memory.dmp

                Filesize

                180KB

                Download

              • memory/1260-149-0x0000000000F70000-0x0000000000F82000-memory.dmp

                Filesize

                72KB

                Download

              • memory/2496-138-0x0000000007180000-0x0000000007190000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2496-136-0x0000000006FE0000-0x0000000006FEA000-memory.dmp

                Filesize

                40KB

                Download

              • memory/2496-134-0x0000000007550000-0x0000000007AF4000-memory.dmp

                Filesize

                5.6MB

                Download

              • memory/2496-135-0x0000000007040000-0x00000000070D2000-memory.dmp

                Filesize

                584KB

                Download

              • memory/2496-137-0x0000000007180000-0x0000000007190000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2496-133-0x0000000000030000-0x000000000014A000-memory.dmp

                Filesize

                1.1MB

                Download

              • memory/2496-139-0x0000000009B20000-0x0000000009BBC000-memory.dmp

                Filesize

                624KB

                Download

              • memory/2948-145-0x00000000011C0000-0x00000000011D0000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2948-144-0x0000000000400000-0x000000000042F000-memory.dmp

                Filesize

                188KB

                Download

              • memory/2948-140-0x0000000000400000-0x000000000042F000-memory.dmp

                Filesize

                188KB

                Download

              • memory/2948-143-0x0000000001790000-0x0000000001ADA000-memory.dmp

                Filesize

                3.3MB

                Download

              • memory/2948-142-0x0000000000400000-0x000000000042F000-memory.dmp

                Filesize

                188KB

                Download

              • memory/3188-146-0x0000000002AA0000-0x0000000002B87000-memory.dmp

                Filesize

                924KB

                Download

              • memory/3188-155-0x0000000008250000-0x000000000832D000-memory.dmp

                Filesize

                884KB

                Download

              • memory/3188-163-0x0000000008250000-0x000000000832D000-memory.dmp

                Filesize

                884KB

                Download