Overview

overview

10

Static

static

3

Y97STVZCPZ...df.exe

windows7-x64

1

Y97STVZCPZ...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2023 16:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Y97STVZCPZC12AQ-0315904351-pdf.exe

  • Size

    642KB

  • MD5

    2df1ab727bfa05dba560693967a5a9bb

  • SHA1

    fe97cd5670652a7e20c40be79b3758d1217ec9c9

  • SHA256

    2d631e09274afb5c231bd6d7f6a7c26922a0fa3176ba5837d3be82469fa6e6eb

  • SHA512

    c1ab982fbb2ce8a79b750059e7925cbd84592461f01297bef8e528f3a35b3eeacdc0b98ac2db4aea36c05fddb700332a9a7361476a2baf36f78f3cded3b86b52

  • SSDEEP

    12288:3zhQaueH5qAmB3aNOcEwoxy8760I23AY0fR94NOai+Sgwdk51AyxIen:3zfq10krxj760I23HER94gaSgwO1Nr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe
      "C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe"
      2⤵
        PID:2868
      • C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe
        "C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe"
        2⤵
          PID:2564
        • C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe
          "C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe"
          2⤵
            PID:2152
          • C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe
            "C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe"
            2⤵
              PID:3020
            • C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe
              "C:\Users\Admin\AppData\Local\Temp\Y97STVZCPZC12AQ-0315904351-pdf.exe"
              2⤵
                PID:2036

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1064-0-0x00000000001B0000-0x0000000000256000-memory.dmp

              Filesize

              664KB

              Download

            • memory/1064-1-0x0000000074140000-0x000000007482E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/1064-2-0x0000000004B80000-0x0000000004BC0000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1064-3-0x0000000000580000-0x000000000059A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/1064-4-0x00000000005A0000-0x00000000005A8000-memory.dmp

              Filesize

              32KB

              Download

            • memory/1064-5-0x0000000000630000-0x000000000063A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/1064-6-0x0000000005220000-0x000000000529C000-memory.dmp

              Filesize

              496KB

              Download

            • memory/1064-7-0x0000000074140000-0x000000007482E000-memory.dmp

              Filesize

              6.9MB

              Download