Overview

overview

10

Static

static

3

792f7b6362...9d.exe

windows7-x64

8

792f7b6362...9d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2023 01:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    792f7b6362d213e5976d71aea0f36488aae184b30e021210e847d1450546c39d.exe

  • Size

    489KB

  • MD5

    35e7110e47ba3d42bf5b71937e02ce8b

  • SHA1

    7194f08ad122d5e2e1d7b432522d6e9fc2565d7b

  • SHA256

    792f7b6362d213e5976d71aea0f36488aae184b30e021210e847d1450546c39d

  • SHA512

    70020e4680f74fd17705b14b0cc11541c773844952ee211eda82291b49b07c94acae9a7aa406c0f6e41fbad4a54d7ff10432b0acb0b2bbf5bc66201b8c6aec43

  • SSDEEP

    12288:qimcuTGiqcyQoiAsxhfi+/wHKK8zsK/nn6F2oG:qimcUGiqcyuAoh6jHKRzsKvQ23

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\792f7b6362d213e5976d71aea0f36488aae184b30e021210e847d1450546c39d.exe
    "C:\Users\Admin\AppData\Local\Temp\792f7b6362d213e5976d71aea0f36488aae184b30e021210e847d1450546c39d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -ExecutionPolicy Bypass -F C:/ProgramData/md9fmn2uj52E8Ut8f5xmiH0j4abpph3A.ps1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1516

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\md9fmn2uj52E8Ut8f5xmiH0j4abpph3A.ps1
    Filesize

    25KB

    MD5

    e8c3e078f9a6d9efa1391687a983ffae

    SHA1

    f5e0b299465164cd1745ab5153d98ceb66b465f4

    SHA256

    9d1c391c7730878897d9c03c5f2ab09a7428293bcf058346eaeb6c617e0e7289

    SHA512

    566bd10fae840974ce4214d4d7247afd62891780af7dc75a7e3f0b1ad849e2ebea44318280e188149268371a31975b711abfd3f72949a43018b5b0c66620a9cd

    Download Submit

  • memory/1516-59-0x000000001B110000-0x000000001B3F2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1516-61-0x00000000027D0000-0x0000000002850000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1516-62-0x00000000027D0000-0x0000000002850000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1516-63-0x00000000027D0000-0x0000000002850000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1516-60-0x00000000023E0000-0x00000000023E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1516-65-0x00000000027D0000-0x0000000002850000-memory.dmp

    Filesize

    512KB

    Download