Overview

overview

10

Static

static

10

207b710761...41.exe

windows7-x64

10

207b710761...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 13:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    207b710761b3330aa804c7a04d015b41.exe

  • Size

    11KB

  • MD5

    207b710761b3330aa804c7a04d015b41

  • SHA1

    82809b814f6006ccf2ecd49825f43c45acc475b8

  • SHA256

    8488b24dec28ad3940c5cfec018cb00b71e2eab4a4942acab8bc2a3db922dd5d

  • SHA512

    27756c01ff1653d29b784aad891e401701f471b3abf7844d96f442fcfb0c99bf3f3f3a039f751184bfaf40eb0a9bc11b4549f0825668e6f82e5d3e4ba028aaa0

  • SSDEEP

    192:8eMTczELU3cPcgNBbIN3ygty+aQQLPmq+D4jT5:pMTcAm+cgNBbIN3u5Dbe4jT

Score
10/10

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Drops startup file 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\207b710761b3330aa804c7a04d015b41.exe
    "C:\Users\Admin\AppData\Local\Temp\207b710761b3330aa804c7a04d015b41.exe"
    1⤵
    • Drops startup file
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Get-MpPreference -verbose
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2712

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2112-0-0x0000000000380000-0x000000000038A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2112-1-0x0000000074BA0000-0x000000007528E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2112-2-0x0000000004A00000-0x0000000004A40000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2112-10-0x0000000004A00000-0x0000000004A40000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2112-7-0x0000000074BA0000-0x000000007528E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2112-15-0x0000000074BA0000-0x000000007528E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/2712-5-0x0000000070E90000-0x000000007143B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2712-6-0x0000000070E90000-0x000000007143B000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2712-9-0x00000000026F0000-0x0000000002730000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2712-11-0x00000000026F0000-0x0000000002730000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2712-8-0x00000000026F0000-0x0000000002730000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2712-12-0x0000000070E90000-0x000000007143B000-memory.dmp

          Filesize

          5.7MB

          Download