Overview

overview

8

Static

static

3

Checker.exe

windows7-x64

7

Checker.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    28s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2023, 23:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Checker.exe

  • Size

    10.1MB

  • MD5

    36207a182d53671a1b73529511bdc015

  • SHA1

    6659e437ce93f0944250017b493732d0b7b83ee2

  • SHA256

    248bceb205eba4f67f6deaf745531aab60f3af793df84be103493ffbe9b54fb9

  • SHA512

    983f5cc2964c61b6ce77f473186b046b5aca0cabdb8da03c8fc9d6e294c09eb993fd722d9b6582524afc654b6f48785ec3d29e7a685930c64dbfc26938cd8bb0

  • SSDEEP

    196608:AgwZ9L2Vmd6+D/Wc/f/+SH/1q3+dgStEgSJf0W8/LaRJXOnfh:f4L2Vmd6mOc/euq3+d9LSJcW8kyZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Checker.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Users\Admin\AppData\Local\Temp\Checker.exe
      "C:\Users\Admin\AppData\Local\Temp\Checker.exe"
      2⤵
      • Loads dropped DLL
      PID:1736
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:5316
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x584
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:5440

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_MEI8442\python310.dll
            Filesize

            4.3MB

            MD5

            c80b5cb43e5fe7948c3562c1fff1254e

            SHA1

            f73cb1fb9445c96ecd56b984a1822e502e71ab9d

            SHA256

            058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

            SHA512

            faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_MEI8442\python310.dll
            Filesize

            4.3MB

            MD5

            c80b5cb43e5fe7948c3562c1fff1254e

            SHA1

            f73cb1fb9445c96ecd56b984a1822e502e71ab9d

            SHA256

            058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

            SHA512

            faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

            Download Submit