Overview

overview

7

Static

static

3

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2023, 09:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    419KB

  • MD5

    f95b094d94c30db50d59d0bfc2bc86f9

  • SHA1

    9cf4f70ca38c7d7ced496520ebedd65b6cb96ab3

  • SHA256

    a36bb3b9756b8937718560af35cb3d25ef20ad99ca44157c02c1c79a56fd275d

  • SHA512

    21ff9d4adcfa5b546bce5a8829d4e4738805b4989fc50bd8786925b666c4ccba575c46c1dd19cf1409ee35c62282ef07ffef8af768a33a6788469441738a6e3e

  • SSDEEP

    6144:mOV9EHczLDWjOaT0HqIiCCs5d29BdjdFO4z+9wc:mlHcz/WZ0HZola9

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2640
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 1464
      2⤵
      • Program crash
      PID:4456
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2640 -ip 2640
    1⤵
      PID:3900

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2640-134-0x0000000004FD0000-0x0000000005574000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/2640-135-0x00000000009D0000-0x0000000000A0E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2640-136-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2640-137-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2640-138-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2640-139-0x0000000007900000-0x0000000007F18000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/2640-140-0x0000000007F40000-0x0000000007F52000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2640-141-0x0000000007F60000-0x000000000806A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2640-142-0x0000000008070000-0x00000000080AC000-memory.dmp

            Filesize

            240KB

            Download

          • memory/2640-143-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2640-144-0x0000000008380000-0x00000000083E6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/2640-145-0x0000000008A40000-0x0000000008AD2000-memory.dmp

            Filesize

            584KB

            Download

          • memory/2640-146-0x0000000008B00000-0x0000000008B76000-memory.dmp

            Filesize

            472KB

            Download

          • memory/2640-147-0x0000000008BF0000-0x0000000008DB2000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/2640-148-0x0000000008DC0000-0x00000000092EC000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/2640-149-0x00000000093F0000-0x000000000940E000-memory.dmp

            Filesize

            120KB

            Download

          • memory/2640-151-0x0000000000400000-0x0000000000702000-memory.dmp

            Filesize

            3.0MB

            Download