Overview

overview

10

Static

static

3

d3ea7d6746...08.exe

windows7-x64

10

d3ea7d6746...08.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    87s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2023, 00:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d3ea7d6746f35904fd821dbdd9883e08.exe

  • Size

    285KB

  • MD5

    d3ea7d6746f35904fd821dbdd9883e08

  • SHA1

    3e76621a27867506ccf19b424bc98a0ee778f4f0

  • SHA256

    34e583d49b9e513fbd9782feb5d0ff3752f4468c77a012f776fda29cc7630425

  • SHA512

    ecce4649b05e59155b40c270f116de8fb8ed677f50637be013445e0cc612453b68c4712cd8a4bf0c850a7aaa877c370909af2df3cf4b20f57064fa7f38487309

  • SSDEEP

    6144:CLBbSSVN3hCEiL28ruxHrvnz0GvbGjiZWc2:C9bSSVFh7iridPY2GO2

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3ea7d6746f35904fd821dbdd9883e08.exe
    "C:\Users\Admin\AppData\Local\Temp\d3ea7d6746f35904fd821dbdd9883e08.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 1224
      2⤵
      • Program crash
      PID:3364
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 416 -ip 416
    1⤵
      PID:1376

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/416-134-0x00000000020D0000-0x000000000210D000-memory.dmp

            Filesize

            244KB

            Download

          • memory/416-135-0x0000000004CA0000-0x0000000005244000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/416-136-0x0000000005250000-0x0000000005868000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/416-137-0x0000000004C90000-0x0000000004CA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/416-138-0x0000000004C90000-0x0000000004CA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/416-139-0x0000000004C20000-0x0000000004C32000-memory.dmp

            Filesize

            72KB

            Download

          • memory/416-140-0x0000000005870000-0x000000000597A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/416-141-0x0000000004C40000-0x0000000004C7C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/416-142-0x0000000004C90000-0x0000000004CA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/416-143-0x0000000005B40000-0x0000000005BA6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/416-144-0x0000000006340000-0x00000000063D2000-memory.dmp

            Filesize

            584KB

            Download

          • memory/416-145-0x00000000063F0000-0x0000000006466000-memory.dmp

            Filesize

            472KB

            Download

          • memory/416-146-0x00000000064D0000-0x0000000006692000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/416-147-0x00000000066A0000-0x0000000006BCC000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/416-148-0x0000000006CB0000-0x0000000006CCE000-memory.dmp

            Filesize

            120KB

            Download

          • memory/416-150-0x0000000000400000-0x0000000000488000-memory.dmp

            Filesize

            544KB

            Download