Overview

overview

6

Static

static

1

sample.exe

windows7-x64

1

sample.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    79s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-03-2023 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.exe

  • Size

    57.5MB

  • MD5

    90cafcfe502fa0fd7264ab5adfd877c3

  • SHA1

    5305c31660c89d843bd7c21c5b88f8d5458e402a

  • SHA256

    453bdba227d2bbc5675c475dc65e1895c343a0e3e779febc295b59cfd1b7cb22

  • SHA512

    d2185f877c93156e060eb0c66f9019b9e533095972df94f0fcae3ffdf3a93756418e4b5673cddc6b93321b7c0dc64df983b6cf02ecd7460fd5b09c87d40046f0

  • SSDEEP

    393216:uirSIUJHFC2b5mXKQ/kb/psajPaoGiOuBk8K0fUAjMsKMWm3gXvLhbMb7o3a9Cc+:uj1CXF092XvCYuCcwTpH43pA

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1896
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:2104

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads