Overview

overview

6

Static

static

1

winprofile

windows7-x64

6

winprofile

windows10-1703-x64

1

Analysis

  • max time kernel
    126s
  • max time network
    252s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/03/2023, 04:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e1a13b501f98bc44503f719cf0905a070b5ce1a42f66d2cb530df8f172274cdc.exe

  • Size

    13.5MB

  • MD5

    581176025eb809b5120fd584cb9dc237

  • SHA1

    27d01c619b0d076e31343eeb456f47f8d27f7574

  • SHA256

    e1a13b501f98bc44503f719cf0905a070b5ce1a42f66d2cb530df8f172274cdc

  • SHA512

    5b0d4992e2014d76f8c707f96da54d48bc5b17b6aca9e55f8f8eac42e1d6001788ffab043e4b9d0bd4a67f0acb79b0121edc411661b99eb96d9d899a7d25e5d2

  • SSDEEP

    393216:bflAEh22VkgTB56Hmuny6SN9XbSgD0t5JheFWofA:LlZHVvUG2HUbSjnKA

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1a13b501f98bc44503f719cf0905a070b5ce1a42f66d2cb530df8f172274cdc.exe
    "C:\Users\Admin\AppData\Local\Temp\e1a13b501f98bc44503f719cf0905a070b5ce1a42f66d2cb530df8f172274cdc.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4116

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4116-116-0x00000000001F0000-0x00000000001F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4116-118-0x0000000003560000-0x00000000035BE000-memory.dmp

          Filesize

          376KB

          Download

        • memory/4116-122-0x0000000003560000-0x00000000035BE000-memory.dmp

          Filesize

          376KB

          Download

        • memory/4116-123-0x0000000003560000-0x00000000035BE000-memory.dmp

          Filesize

          376KB

          Download

        • memory/4116-124-0x0000000003560000-0x00000000035BE000-memory.dmp

          Filesize

          376KB

          Download

        • memory/4116-126-0x0000000003560000-0x00000000035BE000-memory.dmp

          Filesize

          376KB

          Download

        • memory/4116-125-0x0000000003560000-0x00000000035BE000-memory.dmp

          Filesize

          376KB

          Download

        • memory/4116-127-0x0000000003560000-0x00000000035BE000-memory.dmp

          Filesize

          376KB

          Download