Overview

overview

10

Static

static

1

file.exe

windows7-x64

1

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2023 11:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    332KB

  • MD5

    c5674099c10fc02100253a248cd1d4f9

  • SHA1

    489a0dc2967bf1e0dd30e984eeaff4cd07ab8dae

  • SHA256

    d6832a537c3e0be47b10e40736bed91c4768ace163b110d96c6700aabe6c5fb3

  • SHA512

    4c13a467a70a425d366d94dd2ba45fd8b7f3d12705aea99d418fa76be6d26bf37c6cd5d9363890be7dc69add4ff488aff6a4cdbd346851eea73cae0887d0e4cc

  • SSDEEP

    6144:xMtTVz4Zwp+e50XrDkodpbMk9d2p8gSqP4p1IOq:MajX2p8gSqO14

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1396-54-0x00000000010C0000-0x0000000001114000-memory.dmp
    Filesize

    336KB

    Download
  • memory/1396-55-0x0000000004B80000-0x0000000004BC0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1396-60-0x0000000004B80000-0x0000000004BC0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2020-58-0x00000000027F0000-0x0000000002830000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2020-59-0x00000000027F0000-0x0000000002830000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2020-61-0x00000000027F0000-0x0000000002830000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2020-62-0x00000000027F0000-0x0000000002830000-memory.dmp
    Filesize

    256KB

    Download