Overview

overview

4

Static

static

1

penis.exe

windows10-1703-x64

4

penis.exe

windows10-2004-x64

1

sss.exe

windows10-1703-x64

1

sss.exe

windows10-2004-x64

1

procexp64.exe

windows10-1703-x64

1

procexp64.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    516s
  • max time network
    440s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/03/2023, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sss.exe

  • Size

    208KB

  • MD5

    9577a63626d2536e7416494f09f0eec2

  • SHA1

    044ca0fecf2436aac3f9e7acc3c97b30588c594d

  • SHA256

    77b4c0f9929073ce132223f3169349f3e7a626c392b7dbc1a39fa89265c2c6bf

  • SHA512

    5098bba829a795c2aefa85a583388b71690f588dda92bb85b5304fd698e1aa77a610fe98ef93767803fc6fa11a46f94711bf1a4f9e0b7dc464ce61823b9e8763

  • SSDEEP

    3072:KDEkVjGPsw40vLkVjqP4w6U+ToIuWNXmmZTWl/jC7gDooMLa6:K4kSuZToIuUXmmZbgDooMz

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sss.exe
    "C:\Users\Admin\AppData\Local\Temp\sss.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft_Corporation\sss.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\awwncgqj.tmp
    Filesize

    191B

    MD5

    7ffa55ff6ac84742fc67b49b83be3f12

    SHA1

    446ffc4c9e1d7626f078755e81e91d914e142f67

    SHA256

    786cb96e30e42c16784374e9e5e14298976752e69cfaaf7fcb2ed016d9e3b6bb

    SHA512

    59d9467f12f8386138b4a13ab68a98bddb3a8e213af4afb3cdce78d56d16d56f21453138e4ad183f228974ffa710ebe123e657a05f0ee2623c5e845c93c2b096

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uur1tofy.344.ps1
    Filesize

    1B

    MD5

    c4ca4238a0b923820dcc509a6f75849b

    SHA1

    356a192b7913b04c54574d18c28d46e6395428ab

    SHA256

    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    SHA512

    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Download Submit

  • memory/2484-137-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-132-0x000001CC27EE0000-0x000001CC27F02000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2484-125-0x000001CC27AD0000-0x000001CC27B08000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2484-126-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-131-0x000001CC23F90000-0x000001CC23F98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2484-133-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-138-0x000001CC27100000-0x000001CC27108000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2484-134-0x000001CC27F90000-0x000001CC28006000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2484-135-0x000001CC27E50000-0x000001CC27E58000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2484-136-0x000001CC27E60000-0x000001CC27E68000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2484-124-0x000001CC0B700000-0x000001CC0B70E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2484-121-0x000001CC09AF0000-0x000001CC09B28000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2484-150-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-147-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-148-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-149-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-123-0x000001CC27A80000-0x000001CC27ACA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2484-151-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-153-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-154-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-155-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2484-156-0x000001CC273D0000-0x000001CC273E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2484-157-0x000001CC27430000-0x000001CC2746E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2484-122-0x000001CC26140000-0x000001CC26150000-memory.dmp

    Filesize

    64KB

    Download