Overview

overview

10

Static

static

3

334c082043...97.exe

windows7-x64

9

334c082043...97.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    334c0820434d474ffc6d7347f8c27697.exe

  • Size

    574KB

  • MD5

    334c0820434d474ffc6d7347f8c27697

  • SHA1

    f0af5e6bb35f3b10f26386f4ad77db78ed0b4a72

  • SHA256

    1aa71ccdef644e05966553af027e6434454c8e76a1e04522a7ad2da789d8f248

  • SHA512

    8deaec055e232565d30de462082245d1d4967de1777e4d22d8969a017022da2479af029e37674c4a31d6aee1961e9b00f69808c6cf0d7a0f150a474ee2ff5d64

  • SSDEEP

    12288:WapTqZxyRlYoeibexh9mu+02dG0cMBxo/c7mo5oFCEkv:WiTqfyRuoFbC8j0sG0J7mo5oFCEkv

Score
9/10

Malware Config

Signatures

  • CustAttr .NET packer 1 IoCs

    Detects CustAttr .NET packer in memory.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe
    "C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe
      "C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe"
      2⤵
        PID:2724
      • C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe
        "C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe"
        2⤵
          PID:2484
        • C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe
          "C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe"
          2⤵
            PID:2480
          • C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe
            "C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe"
            2⤵
              PID:2824
            • C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe
              "C:\Users\Admin\AppData\Local\Temp\334c0820434d474ffc6d7347f8c27697.exe"
              2⤵
                PID:2736

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2972-0-0x0000000000370000-0x0000000000406000-memory.dmp

              Filesize

              600KB

              Download

            • memory/2972-1-0x0000000074E70000-0x000000007555E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2972-2-0x0000000004C80000-0x0000000004CC0000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2972-3-0x0000000000410000-0x0000000000422000-memory.dmp

              Filesize

              72KB

              Download

            • memory/2972-4-0x0000000074E70000-0x000000007555E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2972-5-0x0000000004C80000-0x0000000004CC0000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2972-6-0x00000000056A0000-0x0000000005712000-memory.dmp

              Filesize

              456KB

              Download

            • memory/2972-8-0x0000000074E70000-0x000000007555E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2972-7-0x0000000000720000-0x000000000074A000-memory.dmp

              Filesize

              168KB

              Download