Overview

overview

7

Static

static

3

1036dd134f...cd.exe

windows7-x64

7

1036dd134f...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 05:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1036dd134fb887fda4c7fb39996615cd.exe

  • Size

    37KB

  • MD5

    1036dd134fb887fda4c7fb39996615cd

  • SHA1

    0cd5a3a07ba1f4220bb0d089111fdcd1d85a3147

  • SHA256

    6610d013010a2def0d40ce7b639aef29b1b5e80b1a220829d20747ec2ee631fc

  • SHA512

    a9500e83da8ab8765ee9bcd7874eb7a48bcc0aa223d19067359d6da967ed2b231273665ddf5cf1474cb361b9bb127cd0983bdad4b6102a0b48124fa78674b060

  • SSDEEP

    768:UWB0VnSQjdRnstngdLt17fgQFpxEINuCm:jehHSngR37oi

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3388
      • C:\Users\Admin\AppData\Local\Temp\1036dd134fb887fda4c7fb39996615cd.exe
        "C:\Users\Admin\AppData\Local\Temp\1036dd134fb887fda4c7fb39996615cd.exe"
        2⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2700

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\SysWOW64\wgavast0.dll
            Filesize

            31KB

            MD5

            561758fc1589bc9ae311a2aa0f694105

            SHA1

            6d2bd0afb2b2d3c61d079a13604f40082c7757c4

            SHA256

            1e4bc9b8105dc8c0b468da2ddc70264e29e703f772ad8e74ae7ac24ae4cd55f9

            SHA512

            cef553bd5f6337fe99ec144eda04709413c61fd2b21cccc3ec1a79fc814a5ba0da4b83d039d081589354598e9c6523b63872dda5a1141b1680c12f581692b2ce

            Download Submit

          • memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2700-1-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2700-6-0x0000000010000000-0x000000001000A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2700-8-0x0000000010000000-0x000000001000A000-memory.dmp

            Filesize

            40KB

            Download