Overview

overview

4

Static

static

1

penis.exe

windows10-1703-x64

4

penis.exe

windows10-2004-x64

1

sss.exe

windows10-1703-x64

1

sss.exe

windows10-2004-x64

1

procexp64.exe

windows10-1703-x64

1

procexp64.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    575s
  • max time network
    577s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/03/2023, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sss.exe

  • Size

    208KB

  • MD5

    9577a63626d2536e7416494f09f0eec2

  • SHA1

    044ca0fecf2436aac3f9e7acc3c97b30588c594d

  • SHA256

    77b4c0f9929073ce132223f3169349f3e7a626c392b7dbc1a39fa89265c2c6bf

  • SHA512

    5098bba829a795c2aefa85a583388b71690f588dda92bb85b5304fd698e1aa77a610fe98ef93767803fc6fa11a46f94711bf1a4f9e0b7dc464ce61823b9e8763

  • SSDEEP

    3072:KDEkVjGPsw40vLkVjqP4w6U+ToIuWNXmmZTWl/jC7gDooMLa6:K4kSuZToIuUXmmZbgDooMz

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sss.exe
    "C:\Users\Admin\AppData\Local\Temp\sss.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft_Corporation\sss.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\oadqd5ah.tmp
    Filesize

    191B

    MD5

    7ffa55ff6ac84742fc67b49b83be3f12

    SHA1

    446ffc4c9e1d7626f078755e81e91d914e142f67

    SHA256

    786cb96e30e42c16784374e9e5e14298976752e69cfaaf7fcb2ed016d9e3b6bb

    SHA512

    59d9467f12f8386138b4a13ab68a98bddb3a8e213af4afb3cdce78d56d16d56f21453138e4ad183f228974ffa710ebe123e657a05f0ee2623c5e845c93c2b096

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dyicbfjo.pd5.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/4232-157-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4232-155-0x000001E51DE90000-0x000001E51DE98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4232-137-0x000001E51ED90000-0x000001E51EDC8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4232-138-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4232-143-0x000001E51DEF0000-0x000001E51DEF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4232-135-0x000001E51ED40000-0x000001E51ED8A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4232-153-0x000001E51DFB0000-0x000001E51DFD2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4232-159-0x000001E5033E0000-0x000001E503406000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4232-158-0x000001E51E540000-0x000001E51E548000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4232-156-0x000001E51DEA0000-0x000001E51DEA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4232-136-0x000001E503420000-0x000001E50342E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4232-133-0x000001E5014F0000-0x000001E501528000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4232-154-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4232-160-0x000001E51BB00000-0x000001E51BC4E000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4232-161-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4232-162-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4232-163-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4232-164-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4232-167-0x000001E51BB00000-0x000001E51BC4E000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4232-177-0x000001E51E730000-0x000001E51E742000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4232-178-0x000001E51E790000-0x000001E51E7CC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4232-181-0x000001E51BB00000-0x000001E51BC4E000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4232-134-0x000001E51D470000-0x000001E51D480000-memory.dmp

    Filesize

    64KB

    Download