Overview

overview

10

Static

static

3

70fa091252...45.exe

windows7-x64

1

70fa091252...45.exe

windows10-1703-x64

10

70fa091252...45.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16-07-2023 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70fa0912521fe919667f8ba2ab28d1e0239b48d860fe7ce0ac7637b4b7282c45.exe

  • Size

    1.4MB

  • MD5

    ed164e11ea8f141236b6196dac5bd879

  • SHA1

    d06277b3d82a10ffeced147870a1c7cc65947ae0

  • SHA256

    70fa0912521fe919667f8ba2ab28d1e0239b48d860fe7ce0ac7637b4b7282c45

  • SHA512

    996973f75d75a179091211a3d86f91138565add95f7d34089d9610fcfc4ba228c91d1fc830f2f49146db4752270c51702caaf4513fe6cd15df5f5a84427bdd55

  • SSDEEP

    24576:7fdsbW0F+Rhk0JgdIpsiwO/QGoWP2qQF+2:O6k0i2qAQGoie

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70fa0912521fe919667f8ba2ab28d1e0239b48d860fe7ce0ac7637b4b7282c45.exe
    "C:\Users\Admin\AppData\Local\Temp\70fa0912521fe919667f8ba2ab28d1e0239b48d860fe7ce0ac7637b4b7282c45.exe"
    1⤵
      PID:2560
    • C:\Windows\ehome\ehshell.exe
      "C:\Windows\ehome\ehshell.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:372
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:528

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/372-60-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/372-66-0x0000000000270000-0x00000000002F0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/372-65-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/372-62-0x0000000000270000-0x00000000002F0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/372-61-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/528-64-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/528-63-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/528-67-0x0000000000370000-0x0000000000371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2560-59-0x00000000072F0000-0x0000000007330000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2560-58-0x0000000074380000-0x0000000074A6E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2560-57-0x00000000001C0000-0x00000000001CC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2560-54-0x00000000003C0000-0x0000000000524000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2560-56-0x00000000072F0000-0x0000000007330000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2560-55-0x0000000074380000-0x0000000074A6E000-memory.dmp

      Filesize

      6.9MB

      Download