Overview

overview

5

Static

static

3

Statement20233010.exe

windows7-x64

3

Statement20233010.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2023, 19:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Statement20233010.exe

  • Size

    19KB

  • MD5

    04bfbe662c6fe75d48c45571e1cdb17f

  • SHA1

    6fcf8dcd30720bd5ceb7ce3f7d1dcea225b989db

  • SHA256

    a5bea05a2f6c78eef246760dc715dd3fe10b0615ac161efbeb8a2cf6c9836499

  • SHA512

    1523cf548f549148b1c12fdfce9469c83eb97e18f45b5f5469050052451535e2336329b8b4886f17b0944d38de0d92ee605f5995badf07796f981b81a65df8c0

  • SSDEEP

    384:O/6i+tTBROM5DWvizocBuLXMEgsYCPGMpizIlkyVT6AstGyFFLuUW:OS9O2NMpizvt1XLu9

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Statement20233010.exe
    "C:\Users\Admin\AppData\Local\Temp\Statement20233010.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 1640
      2⤵
      • Program crash
      PID:2640

Network

  • flag-us
    DNS
    onedrive.live.com
    Statement20233010.exe
    Remote address:
    8.8.8.8:53
    Request
    onedrive.live.com
    IN A
    Response
    onedrive.live.com
    IN CNAME
    web.fe.1drv.com
    web.fe.1drv.com
    IN CNAME
    odc-web-geo.onedrive.akadns.net
    odc-web-geo.onedrive.akadns.net
    IN CNAME
    odc-web-brs.onedrive.akadns.net
    odc-web-brs.onedrive.akadns.net
    IN CNAME
    odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net
    odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net
    IN CNAME
    l-0004.l-msedge.net
    l-0004.l-msedge.net
    IN A
    13.107.42.13
  • 13.107.42.13:443
    onedrive.live.com
    tls
    Statement20233010.exe
    649 B
     4.7kB
     8
    9
  • 8.8.8.8:53
    onedrive.live.com
    dns
    Statement20233010.exe
    63 B
     268 B
     1
    1

    DNS Request

    onedrive.live.com

    DNS Response

    13.107.42.13

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab6422.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6454.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/2160-0-0x0000000000C80000-0x0000000000C8C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2160-1-0x0000000074730000-0x0000000074E1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2160-2-0x0000000000480000-0x00000000004C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2160-55-0x0000000074730000-0x0000000074E1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2160-56-0x0000000000480000-0x00000000004C0000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.