Overview

overview

10

Static

static

3

file.exe

windows7-x64

5

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2023 00:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    563KB

  • MD5

    0555a32409b8fd438e4eb003c44647d7

  • SHA1

    f6c8a8b801cf9043177cbc954ec67777b0d27408

  • SHA256

    2471e14de265a1cc39ea6030cec91bc81960aebcb02d50e0e59cb31fc55552e6

  • SHA512

    49517c311334cb814aa8dfa7f95d91ffc2d680950412674b0c73eaae6027e3e8f22a4eabd5973701d15717634710d136592ca34a8e85f242909689e2f3c64768

  • SSDEEP

    12288:kpUr8iKsDZHHgePx2WWlYLtqnxk5pdR4JoFbQPhLpkgfhRm7PHa:ya8iDBgox/WaLtekj74SF8PhOgffg/a

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
      2⤵
        PID:2068
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe"
        2⤵
          PID:2244
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe
          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2236
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 168
            3⤵
            • Program crash
            PID:2332

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2236-60-0x0000000000400000-0x000000000043E000-memory.dmp

        Filesize

        248KB

        Download

      • memory/2236-61-0x0000000000240000-0x0000000000249000-memory.dmp

        Filesize

        36KB

        Download

      • memory/2544-54-0x00000000010B0000-0x0000000001140000-memory.dmp

        Filesize

        576KB

        Download

      • memory/2544-55-0x000007FEF5610000-0x000007FEF5FFC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2544-56-0x000000001AE00000-0x000000001AE80000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2544-57-0x0000000000260000-0x0000000000268000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2544-58-0x0000000000280000-0x000000000029A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2544-59-0x000000001AB90000-0x000000001AC18000-memory.dmp

        Filesize

        544KB

        Download

      • memory/2544-62-0x000007FEF5610000-0x000007FEF5FFC000-memory.dmp

        Filesize

        9.9MB

        Download