Overview

overview

10

Static

static

3

07fc6c133a...87.exe

windows7-x64

10

07fc6c133a...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 00:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    07fc6c133ac30a6fd39a747c98e09587.exe

  • Size

    246KB

  • MD5

    07fc6c133ac30a6fd39a747c98e09587

  • SHA1

    8beee3ee4a91a7ad9f5e8a5fc7ad07974cad28e9

  • SHA256

    715ba6283712abf979d61dc2c1a43e77f6c97bb12b470d902847eb4c81aeddd8

  • SHA512

    86aac09ab7f6ae9ab9ac45f1d9f146bff4fe30cc4ff31258b08faf546fbdfaaf8c540489a39a81b8740455d4edd4edd837793ab56c89744e4f606ba9f0a39946

  • SSDEEP

    6144:Z6ufQ0U5eHWmCT6gzro1Ud3XsEElay9ra:MufnHW1JEUdMEElaYr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of UnmapMainImage
    PID:3444
    • C:\Users\Admin\AppData\Local\Temp\07fc6c133ac30a6fd39a747c98e09587.exe
      "C:\Users\Admin\AppData\Local\Temp\07fc6c133ac30a6fd39a747c98e09587.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3132
      • C:\Windows\explorer.exe
        00000208*
        3⤵
          PID:2824
        • C:\Users\Admin\AppData\Local\ad0c643d\X
          193.105.154.210:80
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4368

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\ad0c643d\X
            Filesize

            41KB

            MD5

            686b479b0ee164cf1744a8be359ebb7d

            SHA1

            8615e8f967276a85110b198d575982a958581a07

            SHA256

            fcfbb4c648649f4825b66504b261f912227ba32cbaabcadf4689020a83fb201b

            SHA512

            7ed8022e2b09f232150b77fc3a25269365b624f19f0b50c46a4fdf744eeb23294c09c051452c4c9dbb34a274f1a0bfc54b3ff1987ec16ae2e54848e22a97ed64

            Download Submit

          • memory/2824-1-0x0000000000880000-0x0000000000892000-memory.dmp

            Filesize

            72KB

            Download

          • memory/3132-4-0x0000000000400000-0x00000000004442F0-memory.dmp

            Filesize

            272KB

            Download

          • memory/3132-6-0x0000000000703000-0x0000000000733000-memory.dmp

            Filesize

            192KB

            Download

          • memory/3444-9-0x0000000002470000-0x0000000002478000-memory.dmp

            Filesize

            32KB

            Download