Overview

overview

3

Static

static

3

2786741632...da.exe

windows7-x64

1

2786741632...da.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-11-2023 22:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2786741632b32da69849d5cc8c6da035e3de52add7916d0eb7ac20aceed4e3da.exe

  • Size

    816KB

  • MD5

    ba8978c13ced87898f75e3ed17fc8928

  • SHA1

    40429febc6fb8fd946efb96cb4b0e2109b224a7d

  • SHA256

    2786741632b32da69849d5cc8c6da035e3de52add7916d0eb7ac20aceed4e3da

  • SHA512

    efc465b3887d1ad4bb05a038a7ff2ea6630b8f7c01166edb76dea966aaffb577baf15fdb4a04fa9e29cb8abfd4dbdc0c9587ca55c7c41726fdc841fd75fa0467

  • SSDEEP

    12288:1B23MOa6Kpm3iMhG/NtsZvpzwA93sVcxfr91HnKL4HjXlgm9xo1mlSS8xv39t3b2:1Y3MOaNpAiiG/UZv1wabrDKLUjum9J

Score
1/10

Malware Config

Signatures

  • Runs net.exe
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2786741632b32da69849d5cc8c6da035e3de52add7916d0eb7ac20aceed4e3da.exe
    "C:\Users\Admin\AppData\Local\Temp\2786741632b32da69849d5cc8c6da035e3de52add7916d0eb7ac20aceed4e3da.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4952
    • C:\Windows\SysWOW64\net.exe
      net localgroup administrator ÒªÃÜÂë¼ÓQQ2990353838 /add
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4512
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 localgroup administrator ÒªÃÜÂë¼ÓQQ2990353838 /add
        3⤵
          PID:4368
      • C:\Windows\SysWOW64\net.exe
        net user ÒªÃÜÂë¼ÓQQ2990353838 123456789 /add
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2168
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 user ÒªÃÜÂë¼ÓQQ2990353838 123456789 /add
          3⤵
            PID:1048
        • C:\Windows\SysWOW64\net.exe
          net user Administrator 123456789
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:3384
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 user Administrator 123456789
            3⤵
              PID:2908

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads