Overview

overview

3

Static

static

3

tmp.exe

windows7-x64

1

tmp.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    193s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 16:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    7.3MB

  • MD5

    248fc86306946ff8f7b466d10642b1c1

  • SHA1

    ab1ef0f9eadf7304be2c124e66b577e8e9cd0f12

  • SHA256

    e14bc80c86f61890dd94fcb561f5dfe8ab52386db3049d9279ffcbfbddf64798

  • SHA512

    e8b88f9df584c0d7551065c46fcadb69d754a1f3e9a4436fbeb9553f3d3e6abf722c0a98045597bd0301f44e84665c89aac291f69c18af3ec2748dc6facf9583

  • SSDEEP

    98304:zIS+BJz/tYKIcIBV7IHZ69wIJei7aouoROkDbxy4iCmWZM7wHwV/w9X2LRijScoX:ZwJzFYpRRIQDLFbDbaCdPGAGP3diVQh

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2764

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2696-16-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2696-0-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2696-2-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2696-3-0x00000000005B0000-0x0000000000630000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2696-4-0x00000000005B0000-0x0000000000630000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2696-21-0x00000000005B0000-0x0000000000630000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2696-1-0x00000000005B0000-0x0000000000630000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2696-20-0x00000000005B0000-0x0000000000630000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2696-17-0x00000000005B0000-0x0000000000630000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2764-12-0x00000000025F0000-0x0000000002670000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2764-14-0x00000000025F0000-0x0000000002670000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2764-15-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2764-11-0x000000001B1F0000-0x000000001B4D2000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/2764-13-0x0000000002490000-0x0000000002498000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2764-10-0x00000000025F0000-0x0000000002670000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2764-9-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

          Filesize

          9.6MB

          Download