Overview

overview

7

Static

static

3

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2023, 06:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    311KB

  • MD5

    fc614849f89dc41691740467062b0afd

  • SHA1

    9ff5e71a75c395bbfaba4c285141ea5ff41f08b5

  • SHA256

    71cb2c38db0c3696d250b1a864087ba3a33f6daa236e63dc4059ac17e895855a

  • SHA512

    3379d53d0614d8d27b6ae3edf25ae004921c7ce0a39417e815e07e2e20187c8aa8be48ac3d77c44851fb5eb8a3c9ebebec3b6ddc9bf327cfa13ee5e494be7fa4

  • SSDEEP

    6144:fEAu6K+pSEwqfUsk/yIZHb8ywSL201tNAR/3xsVYHj2Gxqxf:fHSXqfUV/yIZHb8ywSLnhsCuq

Score
7/10
persistence

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:3812

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\p2p.dll
          Filesize

          28KB

          MD5

          60a04f649600a77d84e88c96c4e56a28

          SHA1

          7affbe385e05dd2d22fff2dbe9ed8ede489e02e2

          SHA256

          646a4417c4ef9b2b160c18f6df7eec360fb5585dcb0a4c7ce72a2fc7b85cd6d1

          SHA512

          27d8ce438e24c37559255b6d876e7d876cba241534409b09caab8c194c8af25ec3ad545639048d1a3fe34724ad6948b5090851d0b9e35087981e6f439a9c4886

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\p2p.dll
          Filesize

          28KB

          MD5

          60a04f649600a77d84e88c96c4e56a28

          SHA1

          7affbe385e05dd2d22fff2dbe9ed8ede489e02e2

          SHA256

          646a4417c4ef9b2b160c18f6df7eec360fb5585dcb0a4c7ce72a2fc7b85cd6d1

          SHA512

          27d8ce438e24c37559255b6d876e7d876cba241534409b09caab8c194c8af25ec3ad545639048d1a3fe34724ad6948b5090851d0b9e35087981e6f439a9c4886

          Download Submit

        • memory/3812-133-0x0000000000BA0000-0x0000000000BF4000-memory.dmp

          Filesize

          336KB

          Download

        • memory/3812-140-0x00000000056C0000-0x00000000056D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3812-141-0x0000000073300000-0x0000000073316000-memory.dmp

          Filesize

          88KB

          Download

        • memory/3812-148-0x0000000073300000-0x0000000073316000-memory.dmp

          Filesize

          88KB

          Download

        • memory/3812-149-0x00000000056C0000-0x00000000056D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3812-150-0x0000000073300000-0x0000000073316000-memory.dmp

          Filesize

          88KB

          Download

        • memory/3812-151-0x0000000073300000-0x0000000073316000-memory.dmp

          Filesize

          88KB

          Download

        • memory/3812-153-0x0000000073300000-0x0000000073316000-memory.dmp

          Filesize

          88KB

          Download