Overview

overview

10

Static

static

1

0fd4cc35d4...67.exe

windows7-x64

1

0fd4cc35d4...67.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    187s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 07:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fd4cc35d4545f34e4a14926800ce567.exe

  • Size

    1.0MB

  • MD5

    0fd4cc35d4545f34e4a14926800ce567

  • SHA1

    4b78839b0610c4088f43fbc832f421ad737bd00b

  • SHA256

    48392d598ded71e4b8002411d71b87f53eaeeabcc5d636b263df06c22eaeb172

  • SHA512

    6396598ab1186cec46be1e0402e042bea099294bf9af8b2d32c557eb90562939d3a8df3617e80b7f745ad73246af29c5c224dbcb0bf30092b2b9a3af49e0b986

  • SSDEEP

    12288:GU0NTISdQG8MgUhtTTCB3CHflOEspJpmrlP2BAZy2+misUC5VceGcSvvpQeEBGWT:GU6TIExdTnk5pJkxOo8snpSdEBPT

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe
    "C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe
      "C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe"
      2⤵
        PID:1620
      • C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe
        "C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe"
        2⤵
          PID:1536
        • C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe
          "C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe"
          2⤵
            PID:1636
          • C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe
            "C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe"
            2⤵
              PID:2476
            • C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe
              "C:\Users\Admin\AppData\Local\Temp\0fd4cc35d4545f34e4a14926800ce567.exe"
              2⤵
                PID:1668

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2600-0-0x00000000003B0000-0x00000000004B6000-memory.dmp
              Filesize

              1.0MB

              Download
            • memory/2600-1-0x00000000746C0000-0x0000000074DAE000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/2600-2-0x0000000004390000-0x00000000043D0000-memory.dmp
              Filesize

              256KB

              Download
            • memory/2600-3-0x00000000746C0000-0x0000000074DAE000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/2600-4-0x0000000004390000-0x00000000043D0000-memory.dmp
              Filesize

              256KB

              Download
            • memory/2600-5-0x0000000000500000-0x0000000000536000-memory.dmp
              Filesize

              216KB

              Download
            • memory/2600-6-0x0000000005EC0000-0x0000000005F2A000-memory.dmp
              Filesize

              424KB

              Download
            • memory/2600-7-0x00000000009C0000-0x00000000009E4000-memory.dmp
              Filesize

              144KB

              Download
            • memory/2600-8-0x00000000746C0000-0x0000000074DAE000-memory.dmp
              Filesize

              6.9MB

              Download