Overview

overview

7

Static

static

3

Making Panels.exe

windows7-x64

7

Making Panels.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/06/2023, 11:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Making Panels.exe

  • Size

    8KB

  • MD5

    f7ad66a5c138ed0461b9f1ff54a7ace4

  • SHA1

    7b756ac1ec65cc978d681b98b3bb4f3452d9b1dc

  • SHA256

    acb81f65a99cd3ce09a647c22b7eeb5fe2f5f12fb2a728c5bb1bd4c0c8ad427a

  • SHA512

    d562cfa50a8628e04033cd664246b74d79d9336edaa7e34fd0b472b4875bb34094cf8cde3ec98eb6798e68416ba667632005a7d222556288d71cc7b2d586c367

  • SSDEEP

    96:qxNlv/rn2JKbqXRhN7md4n2+Z3ZnV579WbhRN66lfwls+VM2hWdbN+EhkVdG5zNt:A/rn2JKb+Rh3h9WbhRNtW3hW5yO7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Making Panels.exe
    "C:\Users\Admin\AppData\Local\Temp\Making Panels.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp9177.tmp.cmd""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4880
      • C:\Windows\SysWOW64\timeout.exe
        timeout 4
        3⤵
        • Delays execution with timeout.exe
        PID:2356
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 460 -p 3968 -ip 3968
    1⤵
      PID:3368
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3968 -s 1752
      1⤵
      • Program crash
      PID:3400

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\tmp9177.tmp.cmd
            Filesize

            159B

            MD5

            221b15c09abd2e1c7b279952a8f0874d

            SHA1

            343d4990388db0bd5815e080dc9ee9089440a33c

            SHA256

            28d3222e072c2d7e64da221a82e32e3610cf43a7cfd6d3d00485fb599433340a

            SHA512

            7a24f26f4253dc9516b41f7a82a56a715eac8c88e6687f072fc2d5f912e88c9a027562905ec9058e5d022b151b1588215cfa29a6a7483d1ad44506322f6f1f33

            Download Submit

          • memory/1000-133-0x00000000002F0000-0x00000000002F8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1000-134-0x0000000004C30000-0x0000000004C40000-memory.dmp

            Filesize

            64KB

            Download