Overview

overview

10

Static

static

3

efbadf6608...df.exe

windows7-x64

1

efbadf6608...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2023 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efbadf6608789bb0cf7196978b4d71df.exe

  • Size

    685KB

  • MD5

    efbadf6608789bb0cf7196978b4d71df

  • SHA1

    cafd7cd91642a2753f8a1c50a9260cd24ec6d280

  • SHA256

    bbd571c10577d25dcdb8b4302d9e2cd872d824fb6df542997fc4819bbce147b6

  • SHA512

    aeb7c9ff28e307f47eef2230313a73c4bdd2ec106c019754165a74a93136448790ca96ab72475c4aeb9e91ef6180db7d3349afedb02549057e267c35cd48f994

  • SSDEEP

    12288:rCQRJ0IkziYn3v1mPnxZeTzddvHl9VGe9ClflNrf/sXqZ2:lRJ6zJG3eTzHHXLClf7r3x4

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe
    "C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe
      "C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe"
      2⤵
        PID:2408
      • C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe
        "C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe"
        2⤵
          PID:2412
        • C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe
          "C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe"
          2⤵
            PID:2440
          • C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe
            "C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe"
            2⤵
              PID:2392
            • C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe
              "C:\Users\Admin\AppData\Local\Temp\efbadf6608789bb0cf7196978b4d71df.exe"
              2⤵
                PID:1152

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1908-0-0x00000000003B0000-0x0000000000462000-memory.dmp

              Filesize

              712KB

              Download

            • memory/1908-1-0x0000000074570000-0x0000000074C5E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/1908-2-0x0000000004C60000-0x0000000004CA0000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1908-3-0x0000000000280000-0x0000000000296000-memory.dmp

              Filesize

              88KB

              Download

            • memory/1908-4-0x00000000002A0000-0x00000000002A8000-memory.dmp

              Filesize

              32KB

              Download

            • memory/1908-5-0x0000000000470000-0x000000000047A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/1908-6-0x00000000052C0000-0x000000000533E000-memory.dmp

              Filesize

              504KB

              Download

            • memory/1908-7-0x0000000074570000-0x0000000074C5E000-memory.dmp

              Filesize

              6.9MB

              Download