Overview

overview

3

Static

static

3

file.exe

windows7-x64

1

file.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-10-2023 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    2.8MB

  • MD5

    9cdd56d9acd9b190ea7a9eaefe385202

  • SHA1

    5e5cdb5fe5859a8b2da327f045ceb8063dfb247e

  • SHA256

    a12ac74e4555847e45eb599787ad86373d8fc7bb39b63550f65ec8d729bf264c

  • SHA512

    3ad0f21e5b8fd182a4e421bd4ff073575fdf1942261f280dcc3f91360769f25acdccc5c2e9e38cdbb137892e4da98e2c9ebc8ed4a17dda792681e60b6e59bafc

  • SSDEEP

    49152:Ka13CXFUnRlf2xe9RFFFuRBWV+fZphEhFeMPd5gz8HEiz:z12F2RZJFniWV+semUz8H

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4484-0-0x0000000000630000-0x000000000090A000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/4484-1-0x00007FFF1AAC0000-0x00007FFF1B581000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4484-2-0x000000001B710000-0x000000001B720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4484-3-0x00000000010A0000-0x00000000010A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4484-5-0x00007FFF1AAC0000-0x00007FFF1B581000-memory.dmp

    Filesize

    10.8MB

    Download