Overview

overview

5

Static

static

3

STATEMENT.exe

windows7-x64

5

STATEMENT.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    145s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/05/2023, 04:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    STATEMENT.exe

  • Size

    617KB

  • MD5

    52597a814ee98411fb5c4c501318a5c3

  • SHA1

    89b89a395ddca41d2a98a4e90e70da1940755133

  • SHA256

    51f4e780d426b0e4c12670d49f67ff26257a487d93efcc4e593e133dc99a5bfb

  • SHA512

    30afc5371cedfae3d872fa11c738f2257b5f72f220ee7c16ce5824e0036e3b19a94020739783bca16d1f3a81ffe7e93b19257cbb6956c6c10982bca5ebcdca11

  • SSDEEP

    12288:GQv53atccKYCmv0b1Ce9IuwxtJ2o65E6KGoxEB0Ucbi+iP7oMMsKCm:n9a2pHrF9I3xToEhrScqMfvC

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\STATEMENT.exe
    "C:\Users\Admin\AppData\Local\Temp\STATEMENT.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1548
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:876

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/876-140-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/876-142-0x0000000001400000-0x000000000174A000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/876-143-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1548-133-0x0000000000630000-0x00000000006D0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1548-134-0x0000000005600000-0x0000000005BA4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1548-135-0x00000000050F0000-0x0000000005182000-memory.dmp

          Filesize

          584KB

          Download

        • memory/1548-136-0x0000000005300000-0x0000000005310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1548-137-0x0000000005090000-0x000000000509A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1548-138-0x0000000005300000-0x0000000005310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1548-139-0x0000000006B30000-0x0000000006BCC000-memory.dmp

          Filesize

          624KB

          Download