Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/08/2023, 05:53

General

  • Target

    MeshCentralAssistant-TeamViewer.exe

  • Size

    2.2MB

  • MD5

    7f64c6338bf80aa7770d8a51c6e6a69f

  • SHA1

    d02094877943eb5468f7aad959f88452d6d8af0d

  • SHA256

    63154c495c08d85e0b386a26e7e3c28f95c71fa97de8b14d5e1d8fc0eb6a197f

  • SHA512

    043ee33b40251702489b6d90a0c632f0b7265d3a1627a3de44d2f02e068d3474df808aac5f60a15aa37d1c49aed45cee69858df92111c01ca931bd1ff7f31be1

  • SSDEEP

    49152:ovi9y4yPymyXykyHyKywyf5FV56Du+yKy5y8yH9A:oQBg/+BSxve56DdT6pcC

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MeshCentralAssistant-TeamViewer.exe
    "C:\Users\Admin\AppData\Local\Temp\MeshCentralAssistant-TeamViewer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3048 -s 768
      2⤵
      • Program crash
      PID:2404

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3048-53-0x0000000000C50000-0x0000000000E92000-memory.dmp

    Filesize

    2.3MB

  • memory/3048-54-0x000007FEF5160000-0x000007FEF5B4C000-memory.dmp

    Filesize

    9.9MB

  • memory/3048-55-0x000000001B120000-0x000000001B1A0000-memory.dmp

    Filesize

    512KB

  • memory/3048-57-0x000007FEF5160000-0x000007FEF5B4C000-memory.dmp

    Filesize

    9.9MB

  • memory/3048-58-0x000000001B120000-0x000000001B1A0000-memory.dmp

    Filesize

    512KB