Overview

overview

10

Static

static

3

P0#082023.exe

windows7-x64

10

P0#082023.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    210s
  • max time network
    207s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 09:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    P0#082023.exe

  • Size

    1.0MB

  • MD5

    54e6b3143669461f4df675f32705f602

  • SHA1

    779e635d839eecb38aa17b5a89ae7a5549bc7d79

  • SHA256

    7bfacddb1871cc1aab46c0274e8e8f2cfc2cbb4b7caef9df24b6933a1ff75124

  • SHA512

    da327e65a84f0e2c4e19006bf0492d555a4b96d657c8c93e7842ebd6de9d96a47529e9cfd951425ca18543dde7d91e112b7700f978586e438894f05826e1f07f

  • SSDEEP

    12288:sQHCr/cT5J2iNtxIQ/tjwUj4m3r+hQClaHFe8MpZkD8qaCFHi4gIrDRjmfTf4SNv:y41F3904CuFe8MpCwcF6Tp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\P0#082023.exe
    "C:\Users\Admin\AppData\Local\Temp\P0#082023.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1784

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1784-1-0x0000000074F00000-0x00000000756B0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1784-0-0x0000000000660000-0x000000000076E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1784-2-0x0000000007BE0000-0x0000000008184000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1784-3-0x0000000007630000-0x00000000076C2000-memory.dmp

          Filesize

          584KB

          Download

        • memory/1784-4-0x0000000005280000-0x0000000005290000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1784-5-0x0000000005290000-0x000000000529A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1784-6-0x0000000007930000-0x00000000079CC000-memory.dmp

          Filesize

          624KB

          Download

        • memory/1784-7-0x0000000074F00000-0x00000000756B0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1784-8-0x0000000005280000-0x0000000005290000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1784-9-0x00000000078F0000-0x0000000007902000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1784-10-0x0000000007910000-0x0000000007918000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1784-11-0x0000000007BB0000-0x0000000007BBC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/1784-12-0x00000000096B0000-0x0000000009710000-memory.dmp

          Filesize

          384KB

          Download