Overview

overview

10

Static

static

1

7048e3a317...39.exe

windows7-x64

1

7048e3a317...39.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    48s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    06-03-2023 00:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7048e3a317565c358dcbf27b24abaa39.exe

  • Size

    1.1MB

  • MD5

    7048e3a317565c358dcbf27b24abaa39

  • SHA1

    d847e157c186765ba54d856a3feee9af9fb5ca6b

  • SHA256

    dc104af3263fc87bbfb9002f805de324e608ed2a8ba8d127365e09d3d3bdbf99

  • SHA512

    da7a4271a6c89b644e418d212cbb3b955018f64720b64d34d8ca21e0a8eee1dcce6f7aac31200d9c1b13a512551271f74e8933aaecc79cc839e75ad75c12de16

  • SSDEEP

    24576:PfYsg64i1TqRNfRpoxg/+ANtg6xXLCqmANmlHj:PfP/tqrRsg/+qtgPAQF

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe
    "C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe
      "C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe"
      2⤵
        PID:1036
      • C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe
        "C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe"
        2⤵
          PID:436
        • C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe
          "C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe"
          2⤵
            PID:596
          • C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe
            "C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe"
            2⤵
              PID:692
            • C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe
              "C:\Users\Admin\AppData\Local\Temp\7048e3a317565c358dcbf27b24abaa39.exe"
              2⤵
                PID:584

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2036-54-0x00000000003E0000-0x0000000000508000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/2036-55-0x0000000001EA0000-0x0000000001EE0000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2036-56-0x0000000000850000-0x000000000086A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/2036-57-0x0000000000A10000-0x0000000000A1C000-memory.dmp

              Filesize

              48KB

              Download

            • memory/2036-58-0x0000000007FD0000-0x0000000008096000-memory.dmp

              Filesize

              792KB

              Download

            • memory/2036-59-0x0000000001F20000-0x0000000001F26000-memory.dmp

              Filesize

              24KB

              Download

            • memory/2036-60-0x00000000047A0000-0x00000000047FC000-memory.dmp

              Filesize

              368KB

              Download