Overview

overview

3

Static

static

3

ef12e49364...e9.exe

windows7-x64

1

ef12e49364...e9.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/01/2024, 15:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ef12e493649f43ffcdf4716daa941a72f9525d596115c147f8811c5e8e00bee9.exe

  • Size

    1.4MB

  • MD5

    4c7aebe6de86d8db784fc5323501b275

  • SHA1

    bcbb2cb0c22d78542246a93bccec2c61fa0b774f

  • SHA256

    ef12e493649f43ffcdf4716daa941a72f9525d596115c147f8811c5e8e00bee9

  • SHA512

    6d3fe4e56527b93464be2250256c9466933b0258cfad9ef54e0df26f0889789798bfb1fc9c61d82dacbc128aab79ed4fbdcbfffa4d5113db3757e8bdc43823d8

  • SSDEEP

    24576:vZeukrojve+d8lmOQ8lH+c4BOh9rwBKh/ywul+asxWs2:vAkTe+d8lTHJ9rGW/j2+aD

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef12e493649f43ffcdf4716daa941a72f9525d596115c147f8811c5e8e00bee9.exe
    "C:\Users\Admin\AppData\Local\Temp\ef12e493649f43ffcdf4716daa941a72f9525d596115c147f8811c5e8e00bee9.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Expand-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\InputTipCursor.zip' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1200

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\InputTip_input_state.ini
          Filesize

          90B

          MD5

          1e4b373192948b8aeb792966eb542662

          SHA1

          822b86ca73836c70c852bcc67efc6246fbc74b48

          SHA256

          c5b850d2496b8c4e86bab82e289143aea247a6855bb67c3d64de07f35b5db6d4

          SHA512

          e3fdd4271021bad50618537b18e26b009f935562f8d5838d66702f044f3f9d9cec7a9cb89f343f2603915275476299169a6f4456bfac29c4c8b11e202aaf5d4b

          Download Submit

        • memory/1200-11-0x000000001B240000-0x000000001B522000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/1200-12-0x0000000002490000-0x0000000002498000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1200-13-0x000007FEF57A0000-0x000007FEF613D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1200-14-0x0000000002570000-0x00000000025F0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1200-15-0x000007FEF57A0000-0x000007FEF613D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1200-16-0x0000000002570000-0x00000000025F0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1200-17-0x0000000002570000-0x00000000025F0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1200-18-0x0000000002570000-0x00000000025F0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1200-19-0x000007FEF57A0000-0x000007FEF613D000-memory.dmp

          Filesize

          9.6MB

          Download