Overview

overview

10

Static

static

10

test.exe

windows10-1703-x64

6

test.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    101s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2023 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.exe

  • Size

    50KB

  • MD5

    44e85e8e96955e170fc6d13ceef82852

  • SHA1

    46310e2ea57a9146f2f7808aa4c6f1bd1e6697eb

  • SHA256

    e475bd3e2a5c97d72bbe07da853b2b906ffc9eeae46bd94ecb0a51a01fbfe53a

  • SHA512

    cef5b49aaa6f2bbcccc94ba7101cb57f65d987d6364d3850070e3ab857e241a7e5b49781b2707aeb5eaf22543bff5d60c82818e2a2cd28d7db4c6798e7f236bd

  • SSDEEP

    768:TVcCo1dt4cybqx7P9vm9Rg6+E7apmW8msk:T2t4cybq56O84

Score
6/10
discoveryspyware

Malware Config

Signatures

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test.exe
    "C:\Users\Admin\AppData\Local\Temp\test.exe"
    1⤵
      PID:1468
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /0
      1⤵
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1648

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1648-133-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-134-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-135-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-139-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-140-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-141-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-142-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-143-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-144-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1648-145-0x000002CB40AB0000-0x000002CB40AB1000-memory.dmp

      Filesize

      4KB

      Download