Overview

overview

10

Static

static

3

TNTEXPRESS.exe

windows7-x64

1

TNTEXPRESS.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07-05-2023 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TNTEXPRESS.exe

  • Size

    683KB

  • MD5

    64ba7b4484114967c48bea5cff6ac9bb

  • SHA1

    65eba06d17dd6b75ae74c5cf09ae5e25e81ea0e2

  • SHA256

    757371fd80dda17d1844c472bead62365e29e5f902e32afad9bc0120346220d5

  • SHA512

    6727c4345e373355a6bc39e900a890a6116ad051c60112089cf4cea1aed57f749cd3bf1904039ceec8ee522039a93ed48e4e0b47b5ee5e05922ac7d72ae31360

  • SSDEEP

    12288:49oe+bBWrllPje9oSTSIEdlP9sDIZD/6K3ZZ5saOkdjB28lA5Y8:49oe+Ill0o3IyPq8NrpS0lWY

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
    "C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
      "C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
      2⤵
        PID:1372
      • C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
        "C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
        2⤵
          PID:472
        • C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
          "C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
          2⤵
            PID:1412
          • C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
            "C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
            2⤵
              PID:1208
            • C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
              "C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
              2⤵
                PID:1204

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1960-54-0x00000000003C0000-0x0000000000472000-memory.dmp
              Filesize

              712KB

              Download
            • memory/1960-55-0x0000000000710000-0x0000000000750000-memory.dmp
              Filesize

              256KB

              Download
            • memory/1960-56-0x0000000000260000-0x0000000000274000-memory.dmp
              Filesize

              80KB

              Download
            • memory/1960-57-0x0000000000710000-0x0000000000750000-memory.dmp
              Filesize

              256KB

              Download
            • memory/1960-58-0x0000000000360000-0x000000000036C000-memory.dmp
              Filesize

              48KB

              Download
            • memory/1960-59-0x0000000005FC0000-0x0000000006030000-memory.dmp
              Filesize

              448KB

              Download
            • memory/1960-60-0x0000000004520000-0x0000000004558000-memory.dmp
              Filesize

              224KB

              Download