Overview

overview

7

Static

static

1

ADB/AdbWinApi.dll

windows7-x64

3

ADB/AdbWinApi.dll

windows10-2004-x64

3

ADB/AdbWinUsbApi.dll

windows7-x64

1

ADB/AdbWinUsbApi.dll

windows10-2004-x64

3

ADB/adb.exe

windows7-x64

1

ADB/adb.exe

windows10-2004-x64

1

SAMTOOL.exe

windows7-x64

7

SAMTOOL.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2023 18:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SAMTOOL.exe

  • Size

    5.0MB

  • MD5

    01ec71d7c98cbd68b6bfb26efad47ed6

  • SHA1

    0c683f934438391c434e130073aae85ce5cb2c07

  • SHA256

    792aa3b430a6f897d5b201553a3421acff0d0a6aacfbf9ddfd6134cafb571cef

  • SHA512

    9190286483f90a2f4367ad989f98b440b6c4a6fc02d66610df5d3eec9fd4b5fd1106c48f47c0735953644ea5cfdc80b84c7bd3ee7e9f7f61745fcb7ccde441d3

  • SSDEEP

    98304:EKUNmlnsLSU/hsNLqeAhGB69t5QZPcN1XrbtBv3Y97fDh6/bGS:wIlslu1go0taZEfYpfk/

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 59 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SAMTOOL.exe
    "C:\Users\Admin\AppData\Local\Temp\SAMTOOL.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\Users\Admin\AppData\Local\Temp\ADB\adb.exe
      "C:\Users\Admin\AppData\Local\Temp\ADB\adb.exe" version
      2⤵
        PID:3944
      • C:\Users\Admin\AppData\Local\Temp\ADB\adb.exe
        "C:\Users\Admin\AppData\Local\Temp\ADB\adb.exe" start-server
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4348
        • C:\Users\Admin\AppData\Local\Temp\ADB\adb.exe
          adb -L tcp:5037 fork-server server --reply-fd 564
          3⤵
            PID:4472

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3944-144-0x0000000000400000-0x00000000005E7000-memory.dmp
        Filesize

        1.9MB

        Download
      • memory/4348-150-0x0000000000400000-0x00000000005E7000-memory.dmp
        Filesize

        1.9MB

        Download
      • memory/4472-155-0x0000000000400000-0x00000000005E7000-memory.dmp
        Filesize

        1.9MB

        Download
      • memory/4472-153-0x0000000000400000-0x00000000005E7000-memory.dmp
        Filesize

        1.9MB

        Download
      • memory/4472-152-0x0000000000400000-0x00000000005E7000-memory.dmp
        Filesize

        1.9MB

        Download
      • memory/4932-142-0x0000000005FF0000-0x0000000006000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4932-139-0x000000000EE20000-0x000000000EE86000-memory.dmp
        Filesize

        408KB

        Download
      • memory/4932-141-0x000000000A910000-0x000000000A92A000-memory.dmp
        Filesize

        104KB

        Download
      • memory/4932-133-0x0000000000F20000-0x000000000142E000-memory.dmp
        Filesize

        5.1MB

        Download
      • memory/4932-143-0x000000000AC50000-0x000000000AC58000-memory.dmp
        Filesize

        32KB

        Download
      • memory/4932-138-0x0000000005FF0000-0x0000000006000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4932-145-0x0000000005FF0000-0x0000000006000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4932-146-0x0000000005FF0000-0x0000000006000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4932-137-0x0000000006200000-0x000000000620A000-memory.dmp
        Filesize

        40KB

        Download
      • memory/4932-151-0x0000000005FF0000-0x0000000006000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4932-136-0x0000000005FF0000-0x0000000006000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4932-135-0x0000000005EA0000-0x0000000005F32000-memory.dmp
        Filesize

        584KB

        Download
      • memory/4932-134-0x00000000065B0000-0x0000000006B54000-memory.dmp
        Filesize

        5.6MB

        Download