Overview

overview

7

Static

static

3

1cead43c56...3b.exe

windows7-x64

7

1cead43c56...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 21:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1cead43c5652c004e9d0259abb86583b.exe

  • Size

    40KB

  • MD5

    1cead43c5652c004e9d0259abb86583b

  • SHA1

    9b58954d4d24a0f9d2aaa5b0b05dc1a14c97e5d0

  • SHA256

    cb6896b135b4e8ea5d9a44aab0df3b4f1d7df752901a97caa72171fb64bc0473

  • SHA512

    9412859b304659a8321282dda09fabbea76908710470030f6d93055be1bd7f5f810ca1b558781e8ee09546889ef39e0b9084489bd9299517409984f944db1745

  • SSDEEP

    384:E6MTVKLTXsf5d5AwYy4gVNOJQ82OdxyYtClwIm14Cqf8yVhJfRS28kE6gUvu2fne:4TKWFAHvEQ47nRAaDvh/gD1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3296
      • C:\Users\Admin\AppData\Local\Temp\1cead43c5652c004e9d0259abb86583b.exe
        "C:\Users\Admin\AppData\Local\Temp\1cead43c5652c004e9d0259abb86583b.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3880
        • C:\Users\Admin\AppData\Local\Temp\170.exe
          C:\Users\Admin\AppData\Local\Temp\170.exe
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1168

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\170.exe
            Filesize

            7KB

            MD5

            0076424b1750ac34b394d1a1ca2c51c3

            SHA1

            719dffabbac5681bd2a9519077ffec19cc4abdfc

            SHA256

            3a8692e64a8f24adadac0d59fee045e5398c6ffba2d086500e75b33adf165be4

            SHA512

            1f99f93fa32195aac52500d4cc00a44b9c6253dd2d5c71d82af32d8efee7d44f4cd24e2654e3ec63a5b66818efc849bbbe037d46525610397ff6c477a99d55a1

            Download Submit

          • memory/3880-0-0x00007FFE373F0000-0x00007FFE37D91000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/3880-2-0x000000001B0F0000-0x000000001B196000-memory.dmp

            Filesize

            664KB

            Download

          • memory/3880-1-0x0000000000700000-0x0000000000710000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3880-3-0x00007FFE373F0000-0x00007FFE37D91000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/3880-9-0x00007FFE373F0000-0x00007FFE37D91000-memory.dmp

            Filesize

            9.6MB

            Download