Overview

overview

3

Static

static

3

EdgeGuard ...TA.exe

windows7-x64

1

EdgeGuard ...TA.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EdgeGuard Process Sentinel BETA.exe

  • Size

    27.6MB

  • MD5

    59385b378f6cb63f803264465445e7fe

  • SHA1

    7dedb7a02e48bc3aec0ad62ed37dd3569dca5154

  • SHA256

    049b812e346d0dcf53191b6c3b17f82d95350ec8fe7b878a721f52a13c16f4c0

  • SHA512

    78ea498d21a221f28cbde3404deebf0513ac02bfeaca2350fdd1c47da30b9bd7bd6172a865bdb7e4cf0335e592c032eac1a7d866eae3c70700f035969e120b37

  • SSDEEP

    196608:n7Xy6wxePDdfMvRNCPuioH6uulu8SBauV9oQmxV6Zfez:7Xv5pWP9ioeu4MoQmxAlez

Score
1/10

Malware Config

Signatures

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EdgeGuard Process Sentinel BETA.exe
    "C:\Users\Admin\AppData\Local\Temp\EdgeGuard Process Sentinel BETA.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\system32\tasklist.exe
      tasklist /fo csv /nh
      2⤵
      • Enumerates processes with tasklist
      • Suspicious use of AdjustPrivilegeToken
      PID:2204

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2428-0-0x000000013F800000-0x00000001412D3000-memory.dmp

    Filesize

    26.8MB

    Download

  • memory/2428-1-0x000000013F800000-0x00000001412D3000-memory.dmp

    Filesize

    26.8MB

    Download