Overview

overview

10

Static

static

3

pr920931.exe

windows7-x64

10

pr920931.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    28s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13-05-2023 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pr920931.exe

  • Size

    260KB

  • MD5

    4cd612e06781401710e41031dae4624a

  • SHA1

    824dd7bc7ab675a3dde868b46ab375b5a4646ffa

  • SHA256

    260167c02c6e2d9bd10c05bb03ba0b66019256e103b6cc6d58293296d495ca23

  • SHA512

    eab6daf332fb00578beb152e524cdb1e006d7684aa11aa4845120cb2976cacea68f0c84dde56de4f901dcc9e43197bae6b1301c24fccc33724e5540e66ad72f5

  • SSDEEP

    3072:3SDTx7deQab5RQmvsg1GOdVZyyvRrrArDtVasuIhcnLYF5G4MriUw15v40f49Lr:iDbgJVZfrrArWVqoa4y49

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pr920931.exe
    "C:\Users\Admin\AppData\Local\Temp\pr920931.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:856

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/856-55-0x0000000000220000-0x000000000024D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/856-56-0x0000000001F80000-0x0000000001F9A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/856-57-0x0000000001FA0000-0x0000000001FB8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/856-58-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-59-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-61-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-63-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-65-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-67-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-69-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-71-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-73-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-75-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-77-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-79-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-81-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-83-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-85-0x0000000001FA0000-0x0000000001FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/856-86-0x00000000048F0000-0x0000000004930000-memory.dmp

    Filesize

    256KB

    Download

  • memory/856-87-0x00000000048F0000-0x0000000004930000-memory.dmp

    Filesize

    256KB

    Download

  • memory/856-88-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/856-89-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download