Overview

overview

10

Static

static

1

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    19-04-2023 16:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    313KB

  • MD5

    20d9d36f5638f94aaa9006509a51cfd3

  • SHA1

    7125032ba7af2c12818b6a6f2723c00f665d90fb

  • SHA256

    5d8a2b6b4f2b1de4befaeab782df22bc0a39f59a38b0427010b968a3e9aa73b5

  • SHA512

    c375e7b6d11f8eeb3a09e02a5910eda7c8dd95ea7d2a431197b8a4cedf62a1832dca81e387db408f12ce21985e52b0404c103905dd76e6c644350ff4f9096ac2

  • SSDEEP

    6144:lahOtBowEgccoJuOLMEl7AA3UkXVk4KE9WN:liwB5ccNOLMG7AAkkXVkM9I

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\raisearchitect.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\raisearchitect.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1232

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\raisearchitect.exe
    Filesize

    587KB

    MD5

    d2ff667b42a5583ae8abe4e470b44bd8

    SHA1

    7452b5240dbc26fa8dd41139871671849d108a44

    SHA256

    01b8c79e9547474bd42fa2f4bcfa7c01f8a284be74cef169728c23aae543f133

    SHA512

    0424f041f9ba668bcbe1d8344731b1137763b164d892842de444c8ecb5851a57a0e82ed7d118584aef89656def7388d9fb233f92ccc4394db2a45c94ae32beed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\raisearchitect.exe
    Filesize

    587KB

    MD5

    d2ff667b42a5583ae8abe4e470b44bd8

    SHA1

    7452b5240dbc26fa8dd41139871671849d108a44

    SHA256

    01b8c79e9547474bd42fa2f4bcfa7c01f8a284be74cef169728c23aae543f133

    SHA512

    0424f041f9ba668bcbe1d8344731b1137763b164d892842de444c8ecb5851a57a0e82ed7d118584aef89656def7388d9fb233f92ccc4394db2a45c94ae32beed

    Download Submit

  • memory/1232-60-0x0000000001150000-0x00000000011EA000-memory.dmp

    Filesize

    616KB

    Download

  • memory/1232-61-0x0000000000380000-0x00000000003C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1232-62-0x0000000000380000-0x00000000003C0000-memory.dmp

    Filesize

    256KB

    Download