Overview

overview

10

Static

static

1

c51gp51.exe

windows7-x64

10

c51gp51.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    56s
  • max time network
    61s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/03/2023, 02:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c51gp51.exe

  • Size

    376KB

  • MD5

    bff09b0b2e95855edf0d19a2016fdd90

  • SHA1

    41934a2817ef8c187b6747c6e3d8bdc4589f782e

  • SHA256

    a3aed0b5f1e9c80a2e31adb7720ea91134325d8428ffe3782c4be1cd2939f0dc

  • SHA512

    2629e909479e16eefbb0e68d8bab835a2754520cbeff797779eb2ab043c2cf91f11555f108b6c11c91076fbbcb909b45bdfccbbf52d51b398b4300010714c44e

  • SSDEEP

    3072:nm/okWL+M6Jtp8pFyh6r2G9Nk4BtoW21Bmd71TMeBM0UO8Or5/oQdA2:maLCXeyh62G9561MjTzXho4

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c51gp51.exe
    "C:\Users\Admin\AppData\Local\Temp\c51gp51.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4696
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 948
      2⤵
      • Program crash
      PID:1240
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4696 -ip 4696
    1⤵
      PID:5020

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4696-134-0x0000000000B00000-0x0000000000B2D000-memory.dmp

            Filesize

            180KB

            Download

          • memory/4696-135-0x0000000005260000-0x0000000005804000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4696-137-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-136-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-139-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-141-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-143-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-145-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-147-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-149-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-151-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-153-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-155-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-157-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-159-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-161-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-163-0x00000000029B0000-0x00000000029C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4696-164-0x0000000005250000-0x0000000005260000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4696-165-0x0000000005250000-0x0000000005260000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4696-166-0x0000000005250000-0x0000000005260000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4696-167-0x0000000000400000-0x0000000000864000-memory.dmp

            Filesize

            4.4MB

            Download

          • memory/4696-169-0x0000000005250000-0x0000000005260000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4696-170-0x0000000005250000-0x0000000005260000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4696-171-0x0000000005250000-0x0000000005260000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4696-172-0x0000000000400000-0x0000000000864000-memory.dmp

            Filesize

            4.4MB

            Download