Overview

overview

3

Static

static

3

740a086059...6e.exe

windows7-x64

1

740a086059...6e.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2024 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    740a086059fb943f88fdb7690da9b56e.exe

  • Size

    44KB

  • MD5

    740a086059fb943f88fdb7690da9b56e

  • SHA1

    9200b1cacb61beffd687794144a3e2d15dd340a2

  • SHA256

    009c2bce47e76e468fa19740dee32be553f2a3696ef49a85bea0fb8a1331afe1

  • SHA512

    4aceec47638b1671f6c0b3927f8fcbaa45fb4e861e1b9dda688ccf66e3fa7844d87cea035b0c16e02d136ac65915c92c56c2881defd738944e71461e086c215d

  • SSDEEP

    768:cxQB5hPwpDGrwxZgrSK4oVXALQmUNY0mMqSX5Zf+T8DanDYF2:cxQNPXrwDDK4qAjVP0GT8DYq2

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\740a086059fb943f88fdb7690da9b56e.exe
    "C:\Users\Admin\AppData\Local\Temp\740a086059fb943f88fdb7690da9b56e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill -f -im ashMaiSv.exe -im McShield.exe -im oasclnt.exe -im mcagent.exe -im McVSEscn.exe -im mcvsftsn.exe -im Mcdetect.exe -im McTskshd.exe -im mcvsshld.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\SetPnt32[1].htm
    Filesize

    5B

    MD5

    fda44910deb1a460be4ac5d56d61d837

    SHA1

    f6d0c643351580307b2eaa6a7560e76965496bc7

    SHA256

    933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9

    SHA512

    57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1

    Download Submit

  • memory/1096-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-1-0x00000000005C0000-0x00000000005C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1096-66-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-122-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-123-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-248-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-428-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-576-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-643-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-710-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1096-860-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download