Overview

overview

10

Static

static

10

bb8fea4690...7d.exe

windows7-x64

3

bb8fea4690...7d.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2023 07:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb8fea4690fd91b69d4fbf47d.exe

  • Size

    4.5MB

  • MD5

    386b478683ab2c443fbd1762647fbddc

  • SHA1

    3acd8db61a9a159465878aed0fec5077bc34ae6b

  • SHA256

    bb8fea4690fd91b69d4fbf47d1a3f6e1d437785bdce3b64db2958ec2048fa846

  • SHA512

    37ec903b722e60f4bdc3dc60f0477fcbcb8ae80d106f56875ffe61d3108752dbd46c2c47a9e39c62bfb77fd01a53e952aaa88da84fc3c13181d1592211b0574c

  • SSDEEP

    98304:tU6zpJqhJiKAqhQ4vH/JzdXPyO/bCF2SJBAUZL:tdkJxAqLnXfDbSJV

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb8fea4690fd91b69d4fbf47d.exe
    "C:\Users\Admin\AppData\Local\Temp\bb8fea4690fd91b69d4fbf47d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 472
      2⤵
      • Program crash
      PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads