Overview

overview

7

Static

static

1

test-malware.exe

windows7-x64

3

test-malware.exe

windows10-2004-x64

7

Resubmissions

24/04/2023, 08:22

230424-j9jsfacd41 7

24/04/2023, 07:38

230424-jgvz1aae48 7

Analysis

  • max time kernel
    36s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    24/04/2023, 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test-malware.exe

  • Size

    5.1MB

  • MD5

    f5d0b88484fd1b10e533d6d64b0be134

  • SHA1

    3814ddc6be26453a84da9e57cb7720ffddc54fbf

  • SHA256

    20e9bcde8a80982952f4207b157c9320d83cadf2b86a9f9154429dcfc9d9e6f7

  • SHA512

    d1e7f398aa94bb2994c8d424987fc6cf87f3eba8846677ca7e931833710ace6e7d89cd18c6716b4f77caf1962d5111332ce37b2a16792a98639fae96e8fdd94b

  • SSDEEP

    49152:PDsAe4OFmE7doaupfauqcxKF1ely/QfdnbWe4Hrt0lJZ8oQ:BmmIdS13RQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test-malware.exe
    "C:\Users\Admin\AppData\Local\Temp\test-malware.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAANgA3AA==
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:628

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/628-67-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-68-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-71-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-65-0x0000000001DF0000-0x0000000001DF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/628-69-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-64-0x000000001B310000-0x000000001B5F2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/628-66-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/628-70-0x00000000025A0000-0x0000000002620000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1764-55-0x000000001C4D0000-0x000000001C550000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1764-54-0x0000000001140000-0x0000000001666000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/1764-63-0x000000001C4D0000-0x000000001C550000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1764-58-0x000000001C2F0000-0x000000001C382000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1764-57-0x000000001B7D0000-0x000000001B878000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1764-56-0x000000001C550000-0x000000001C6F6000-memory.dmp

    Filesize

    1.6MB

    Download