Overview

overview

10

Static

static

3

75048b2cf8...af.exe

windows7-x64

1

75048b2cf8...af.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75048b2cf840c20b06c3b36ccc77b7af.exe

  • Size

    139KB

  • MD5

    75048b2cf840c20b06c3b36ccc77b7af

  • SHA1

    a6b402cad583c3fb402ea205e6129a8ba905990b

  • SHA256

    791831034a36bfa2213940dfd9ffc6cb9dc0660ecd1a6d8de3565260c9cec8d2

  • SHA512

    ea029284f31fd44ed023b1fb3f7c0541943ae507914eeac6e4a1ed70ba063a9e4ac5adae92ed8db0c1d721653fcb58244ecd24d2d89865ae6ecb5893506ed50e

  • SSDEEP

    3072:IV2MAwtwxC451FTDQ023yHav4gFGMHJeGrkW2gYmY:IMec7MyHaAgFGMHJeDW2g

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\services.exe
    C:\Windows\system32\services.exe
    1⤵
      PID:464
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService
        2⤵
          PID:964
        • C:\Windows\system32\taskhost.exe
          "taskhost.exe"
          2⤵
            PID:1120
          • C:\Windows\system32\sppsvc.exe
            C:\Windows\system32\sppsvc.exe
            2⤵
              PID:1748
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              2⤵
                PID:2388
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                2⤵
                  PID:1044
                • C:\Windows\System32\spoolsv.exe
                  C:\Windows\System32\spoolsv.exe
                  2⤵
                    PID:296
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k NetworkService
                    2⤵
                      PID:280
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k netsvcs
                      2⤵
                        PID:836
                      • C:\Windows\System32\svchost.exe
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        2⤵
                          PID:800
                        • C:\Windows\System32\svchost.exe
                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                          2⤵
                            PID:756
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k RPCSS
                            2⤵
                              PID:672
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k DcomLaunch
                              2⤵
                                PID:596
                            • C:\Windows\system32\winlogon.exe
                              winlogon.exe
                              1⤵
                                PID:420
                              • C:\Windows\system32\csrss.exe
                                %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                1⤵
                                  PID:384
                                • C:\Windows\system32\wininit.exe
                                  wininit.exe
                                  1⤵
                                    PID:372
                                    • C:\Windows\system32\lsass.exe
                                      C:\Windows\system32\lsass.exe
                                      2⤵
                                        PID:476
                                      • C:\Windows\system32\lsm.exe
                                        C:\Windows\system32\lsm.exe
                                        2⤵
                                          PID:484
                                      • C:\Windows\system32\DllHost.exe
                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                        1⤵
                                          PID:2504
                                        • C:\Windows\Explorer.EXE
                                          C:\Windows\Explorer.EXE
                                          1⤵
                                            PID:1252
                                            • C:\Users\Admin\AppData\Local\Temp\75048b2cf840c20b06c3b36ccc77b7af.exe
                                              "C:\Users\Admin\AppData\Local\Temp\75048b2cf840c20b06c3b36ccc77b7af.exe"
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious behavior: MapViewOfSection
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of WriteProcessMemory
                                              PID:3016
                                          • C:\Windows\system32\Dwm.exe
                                            "C:\Windows\system32\Dwm.exe"
                                            1⤵
                                              PID:1200

                                            Network

                                            MITRE ATT&CK Matrix

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • memory/3016-0-0x0000000001000000-0x0000000001027000-memory.dmp

                                              Filesize

                                              156KB

                                              Download

                                            • memory/3016-1-0x00000000775DF000-0x00000000775E0000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/3016-2-0x00000000775E0000-0x00000000775E1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/3016-3-0x0000000001000000-0x0000000001027000-memory.dmp

                                              Filesize

                                              156KB

                                              Download