Overview

overview

10

Static

static

10

Endermanch...is.exe

windows7-x64

1

Endermanch...is.exe

windows10-2004-x64

Endermanch...ug.exe

windows7-x64

6

Endermanch...ug.exe

windows10-2004-x64

6

Endermanch...ck.exe

windows7-x64

7

Endermanch...ck.exe

windows10-2004-x64

7

Endermanch...om.exe

windows7-x64

1

Endermanch...om.exe

windows10-2004-x64

1

Endermanch...le.exe

windows7-x64

1

Endermanch...le.exe

windows10-2004-x64

1

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

Endermanch...er.exe

windows10-2004-x64

Endermanch...us.exe

windows7-x64

1

Endermanch...us.exe

windows10-2004-x64

1

Endermanch....C.exe

windows7-x64

10

Endermanch....C.exe

windows10-2004-x64

10

Endermanch...rd.exe

windows7-x64

10

Endermanch...rd.exe

windows10-2004-x64

9

Endermanch...a2.exe

windows7-x64

1

Endermanch...a2.exe

windows10-2004-x64

1

Endermanch...19.exe

windows7-x64

7

Endermanch...19.exe

windows10-2004-x64

7

Endermanch...eg.exe

windows7-x64

7

Endermanch...eg.exe

windows10-2004-x64

3

Endermanch...1).exe

windows7-x64

3

Endermanch...1).exe

windows10-2004-x64

3

Endermanch...ld.exe

windows7-x64

3

Endermanch...ld.exe

windows10-2004-x64

3

Resubmissions

03-07-2024 22:59

240703-2yn7wszhlp 10

03-07-2024 16:13

240703-tn93lsyglf 10

03-07-2024 16:11

240703-tm84xsyfma 10

10-05-2024 16:25

240510-tw1h5shh47 10

24-08-2023 11:16

230824-nda8msdf8z 10

Analysis

  • max time kernel
    155s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2023 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    484KB

  • MD5

    0a7b70efba0aa93d4bc0857b87ac2fcb

  • SHA1

    01a6c963b2f5f36ff21a1043587dcf921ae5f5cd

  • SHA256

    4f5bff64160044d9a769ab277ff85ba954e2a2e182c6da4d0672790cf1d48309

  • SHA512

    2033f9637b8d023242c93f54c140dd561592a3380a15a9fdc8ebfa33385ff4fc569d66c846a01b4ac005f0521b3c219e87f4b1ed2a83557f9d95fa066ad25e14

  • SSDEEP

    6144:lqHKx3YCgy8HmmjJpnVhvLqCO3bLinIz1wASx:lqHoyHNj/nVhvLcyII

Score
7/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops startup file
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2540
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:1212

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2540-55-0x0000000074270000-0x000000007495E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2540-54-0x00000000001D0000-0x0000000000252000-memory.dmp

      Filesize

      520KB

      Download

    • memory/2540-56-0x0000000000350000-0x0000000000390000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2540-57-0x0000000000350000-0x0000000000390000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2540-188-0x0000000000350000-0x0000000000390000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2540-189-0x0000000074270000-0x000000007495E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2540-190-0x0000000000350000-0x0000000000390000-memory.dmp

      Filesize

      256KB

      Download