Overview

overview

6

Static

static

1

file.exe

windows7-x64

6

file.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    135s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2023 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    312KB

  • MD5

    bd737b740c3ec31380ee4bb4e94f0b6c

  • SHA1

    516e8f64e1980e484ca0bd39ef253d8fd7609e83

  • SHA256

    ea18ab128f0795e2d020d21b2189bcf25da6ac310e5a15d9aeebfb2be1114f31

  • SHA512

    e39faf5b0d4be5514688cc0eefb2febdf3442be4095aebff5b497b7008a8e1bdc193ef784b175be8db1bc4a8141ed6de73f382492ecdeebe69b69ba2a162af29

  • SSDEEP

    6144:n7LK6a0pBKlG2HNjhAqRWn4+0VHzdlj5AzbFY5nDe0j:n7ejmIlGENPRW4bHzb5AzRYBDe

Score
6/10
spyware

Malware Config

Signatures

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4280
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:928

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/928-134-0x00000000001D0000-0x00000000001F8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/928-139-0x0000000007560000-0x0000000007B78000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/928-140-0x0000000006F70000-0x0000000006F82000-memory.dmp

    Filesize

    72KB

    Download

  • memory/928-141-0x00000000070A0000-0x00000000071AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/928-142-0x0000000007320000-0x0000000007330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/928-143-0x0000000006FD0000-0x000000000700C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/928-144-0x0000000007330000-0x0000000007396000-memory.dmp

    Filesize

    408KB

    Download

  • memory/928-145-0x0000000008430000-0x00000000089D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/928-146-0x0000000007F20000-0x0000000007FB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/928-147-0x0000000007ED0000-0x0000000007F20000-memory.dmp

    Filesize

    320KB

    Download

  • memory/928-148-0x00000000081A0000-0x0000000008216000-memory.dmp

    Filesize

    472KB

    Download

  • memory/928-149-0x00000000089E0000-0x0000000008BA2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/928-150-0x00000000090E0000-0x000000000960C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/928-151-0x00000000082A0000-0x00000000082BE000-memory.dmp

    Filesize

    120KB

    Download