Overview

overview

6

Static

static

3

4RTools.exe

windows7-x64

6

4RTools.exe

windows10-2004-x64

1

Resubmissions

18/09/2023, 22:30

230918-2ezjhsfb97 3

18/09/2023, 22:26

230918-2cjqaach9x 6

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/09/2023, 22:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4RTools.exe

  • Size

    3.6MB

  • MD5

    cae68bd7b5874246f8eb0b3f54ad39e7

  • SHA1

    73a59f80e6b138cd0dc6d3b278a162ef9954b987

  • SHA256

    9218c686c937fa977fead2e644b196b80b7a2e46ceba9ac924f75361361c755d

  • SHA512

    33c411cd2a5b07654596f783f30f602884c4c35852301afd784b6e62db27def2f032b146dc630784ec562335ee29678ec3a419e70ebbbdaae9e7233224a82dae

  • SSDEEP

    49152:/vQZKTcBEOB84ke4Auyj3jQEta+xWw+W7SCBiVyLWw:/vQZScBjB84k2QcJ53ig9

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4RTools.exe
    "C:\Users\Admin\AppData\Local\Temp\4RTools.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:1992
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4172

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1992-0-0x0000000000280000-0x000000000061C000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/1992-1-0x0000000074600000-0x0000000074DB0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1992-2-0x00000000055B0000-0x0000000005B54000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1992-3-0x00000000050A0000-0x0000000005132000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1992-4-0x0000000004FF0000-0x0000000005000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1992-5-0x0000000005360000-0x000000000536A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1992-6-0x00000000078B0000-0x0000000007960000-memory.dmp

      Filesize

      704KB

      Download

    • memory/1992-7-0x0000000007AC0000-0x0000000007C84000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1992-8-0x0000000009530000-0x0000000009552000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1992-9-0x0000000009560000-0x00000000098B4000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1992-18-0x0000000074600000-0x0000000074DB0000-memory.dmp

      Filesize

      7.7MB

      Download