Overview

overview

6

Static

static

5

ced8e0c88f...50.exe

windows7-x64

1

ced8e0c88f...50.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    15/11/2023, 09:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ced8e0c88f5ee6ee84d6fa485c65c503c0ba6e0b0163f7367414e092a46ff050.exe

  • Size

    3.3MB

  • MD5

    94e82c72afb84a86a6ef50ac512d1022

  • SHA1

    e1f9cdba6bb6a99a4e782c087c8d0aea23b859b1

  • SHA256

    ced8e0c88f5ee6ee84d6fa485c65c503c0ba6e0b0163f7367414e092a46ff050

  • SHA512

    dc82704ddc2e213f107b559afbe73e592c43e35f490ff7f9a6c475759f446e3213420f3783803c9deab709f5d401b03336b566406dc78a75f4bd71e44c8a2439

  • SSDEEP

    49152:AlZi1szYAvqaCPmcddUA7Btqvncaq+7ef6DHdd76C3bQOf5Pffca78HxWMNsbJoL:cZXYAvlcLN7BZ+7FRd76sQr8M6ou

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ced8e0c88f5ee6ee84d6fa485c65c503c0ba6e0b0163f7367414e092a46ff050.exe
    "C:\Users\Admin\AppData\Local\Temp\ced8e0c88f5ee6ee84d6fa485c65c503c0ba6e0b0163f7367414e092a46ff050.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:312
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\ced8e0c88f5ee6ee84d6fa485c65c503c0ba6e0b0163f7367414e092a46ff050.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\ced8e0c88f5ee6ee84d6fa485c65c503c0ba6e0b0163f7367414e092a46ff050.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2784

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2784-2-0x0000000074060000-0x000000007460B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2784-3-0x0000000074060000-0x000000007460B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2784-4-0x00000000026C0000-0x0000000002700000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2784-5-0x00000000026C0000-0x0000000002700000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2784-6-0x0000000074060000-0x000000007460B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2784-7-0x00000000026C0000-0x0000000002700000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2784-8-0x00000000026C0000-0x0000000002700000-memory.dmp

          Filesize

          256KB

          Download