Analysis

  • max time kernel
    129s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20231129-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    07/01/2024, 08:15

General

  • Target

    f35641adf27a9b24f453123f9f6fb4c6.exe

  • Size

    16.6MB

  • MD5

    f35641adf27a9b24f453123f9f6fb4c6

  • SHA1

    deb5ce3c9078cd6b848cec2867c7235b577d7d28

  • SHA256

    f4c981438a224d6e37c984b07556a444c6f8677d76e566a1b54db33847f559c9

  • SHA512

    3df7aa97462d29d8270ccede9da214f2b352e23fca2e32755c2c667370ab5ad521224aad4fab016156baca9a35a9514632628b10430e20dc5c70a6dd8f4a2b17

  • SSDEEP

    196608:XCHH1uGZCICCWh8yA9pfd23u1Ojx8S1bKKGCOt:XCHVuuCZ85NM798S1ACOt

Score
1/10

Malware Config

Signatures

  • Runs ping.exe 1 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f35641adf27a9b24f453123f9f6fb4c6.exe
    "C:\Users\Admin\AppData\Local\Temp\f35641adf27a9b24f453123f9f6fb4c6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Windows\SysWOW64\cmd.exe
      "cmd" /c ping 127.0.0.1 -n 7 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Vencord" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Vencord\VencordHelper.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1956
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 7
        3⤵
        • Runs ping.exe
        PID:1840
      • C:\Windows\SysWOW64\reg.exe
        REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "Vencord" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Vencord\VencordHelper.exe"
        3⤵
        PID:2532
    • C:\Windows\SysWOW64\cmd.exe
      "cmd" /c ping 127.0.0.1 -n 17 > nul && copy "C:\Users\Admin\AppData\Local\Temp\f35641adf27a9b24f453123f9f6fb4c6.exe" "C:\Users\Admin\AppData\Roaming\Vencord\VencordHelper.exe" && ping 127.0.0.1 -n 17 > nul && "C:\Users\Admin\AppData\Roaming\Vencord\VencordHelper.exe"
      2⤵
      PID:772
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 17
        3⤵
        • Runs ping.exe
        PID:320
  • C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 17
    1⤵
    • Runs ping.exe
    PID:960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1476-0-0x0000000000850000-0x00000000018FA000-memory.dmp
    Filesize
    16.7MB
  • memory/1476-1-0x0000000006290000-0x00000000062D4000-memory.dmp
    Filesize
    272KB