Overview

overview

10

Static

static

3

rh111.exe

windows7-x64

1

rh111.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2023 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rh111.exe

  • Size

    1.9MB

  • MD5

    1b87684768db892932be3f0661c54251

  • SHA1

    e5acdb93f6eb75656c9a8242e21b01bf978dc7cf

  • SHA256

    65fcd66d75c64db0f8b7819431d77f83a421e9fd210ff6bdf74c47e7a4c39636

  • SHA512

    0fc3cc6ed99e45a3d1ca7cd2dd4d7bfc2f5f11ee7cf0e3d58bfbb4db26f16599cae45b96fc032cd6a050c1ea70bfd02291537088168dd149eee85b38d2527a82

  • SSDEEP

    24576:jx4Ul0rrIOGz9I6U7AeyGvHynlLghECQl4L529dktxtPCv1ri+J/ac//zWOYopmB:mUl0/2kHW8ECQl4wi+snopp2vQ

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rh111.exe
    "C:\Users\Admin\AppData\Local\Temp\rh111.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Users\Admin\AppData\Local\Temp\rh111.exe
      C:\Users\Admin\AppData\Local\Temp\rh111.exe
      2⤵
        PID:2016
      • C:\Users\Admin\AppData\Local\Temp\rh111.exe
        C:\Users\Admin\AppData\Local\Temp\rh111.exe
        2⤵
          PID:2420
        • C:\Users\Admin\AppData\Local\Temp\rh111.exe
          C:\Users\Admin\AppData\Local\Temp\rh111.exe
          2⤵
            PID:2428
          • C:\Users\Admin\AppData\Local\Temp\rh111.exe
            C:\Users\Admin\AppData\Local\Temp\rh111.exe
            2⤵
              PID:2228
            • C:\Users\Admin\AppData\Local\Temp\rh111.exe
              C:\Users\Admin\AppData\Local\Temp\rh111.exe
              2⤵
                PID:2444
              • C:\Users\Admin\AppData\Local\Temp\rh111.exe
                C:\Users\Admin\AppData\Local\Temp\rh111.exe
                2⤵
                  PID:2452
                • C:\Users\Admin\AppData\Local\Temp\rh111.exe
                  C:\Users\Admin\AppData\Local\Temp\rh111.exe
                  2⤵
                    PID:1756
                  • C:\Users\Admin\AppData\Local\Temp\rh111.exe
                    C:\Users\Admin\AppData\Local\Temp\rh111.exe
                    2⤵
                      PID:1060
                    • C:\Users\Admin\AppData\Local\Temp\rh111.exe
                      C:\Users\Admin\AppData\Local\Temp\rh111.exe
                      2⤵
                        PID:2832
                      • C:\Users\Admin\AppData\Local\Temp\rh111.exe
                        C:\Users\Admin\AppData\Local\Temp\rh111.exe
                        2⤵
                          PID:3020

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/388-0-0x00000000002B0000-0x0000000000496000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/388-1-0x0000000074100000-0x00000000747EE000-memory.dmp

                        Filesize

                        6.9MB

                        Download

                      • memory/388-2-0x0000000002100000-0x0000000002178000-memory.dmp

                        Filesize

                        480KB

                        Download

                      • memory/388-3-0x0000000004520000-0x0000000004560000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/388-4-0x00000000044A0000-0x0000000004508000-memory.dmp

                        Filesize

                        416KB

                        Download

                      • memory/388-5-0x00000000004C0000-0x000000000050C000-memory.dmp

                        Filesize

                        304KB

                        Download

                      • memory/388-6-0x0000000074100000-0x00000000747EE000-memory.dmp

                        Filesize

                        6.9MB

                        Download