Overview

overview

5

Static

static

3

a79a555d80...5d.exe

windows7-x64

5

a79a555d80...5d.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2023, 07:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a79a555d8074362ce42e03465fc6655d.exe

  • Size

    951KB

  • MD5

    a79a555d8074362ce42e03465fc6655d

  • SHA1

    3acabb0dbb9d88b388e0b068c98c53605de367f0

  • SHA256

    8904fe72b770215a4e3bc82f6e1fda9756a147fb86bdac2fec7ebac577866764

  • SHA512

    57a1df140a146fd15c609adf98db46d578bfa8e0e05eaaeed287899fe83454860f055ba955575570af6652ebe948ee8eca4c3037dc5231ae2a9dfe94403fba83

  • SSDEEP

    24576:Hk70TrczzmYJqlHIJYhO2VVP1ru6DGt1blxIj:HkQTAzztJcoKhOgVP1rjD417Ij

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a79a555d8074362ce42e03465fc6655d.exe
    "C:\Users\Admin\AppData\Local\Temp\a79a555d8074362ce42e03465fc6655d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3180

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3180-136-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3180-138-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3180-140-0x0000000001750000-0x0000000001A9A000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3180-141-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

          Download

        • memory/5104-133-0x0000000074420000-0x0000000074BD0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/5104-134-0x0000000004D70000-0x0000000004D80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5104-135-0x0000000004E60000-0x0000000005404000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/5104-139-0x0000000074420000-0x0000000074BD0000-memory.dmp

          Filesize

          7.7MB

          Download