Overview

overview

10

Static

static

3

AWB_NO_907...11.exe

windows7-x64

5

AWB_NO_907...11.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AWB_NO_907853880911.exe

  • Size

    743KB

  • MD5

    2685c5b3d73fe94a815a84c1dd5813ef

  • SHA1

    edf893ff59c3437e942fd8cd40c9381ef536dbf2

  • SHA256

    27769f4bb96d0e605bdc282658c6a729e4ceb8447cd9e1f9880c69862258e66f

  • SHA512

    a989d2198b0a9d8bddff535bd821c124b347cbdb0a2ffb91ce76b9d91a4847e38ffd2a58300e53366004628729d5ac9d9dfc10539ae6808ab6c3d26877e6fc65

  • SSDEEP

    12288:X4nWcI58atfrHsfjGrfrtofP/l1rkxNVOIiB3bow5404ni0C0eb:X4Y5JDsfjStMn3rkxNo+w5/4+0

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AWB_NO_907853880911.exe
    "C:\Users\Admin\AppData\Local\Temp\AWB_NO_907853880911.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\AWB_NO_907853880911.exe
      "C:\Users\Admin\AppData\Local\Temp\AWB_NO_907853880911.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 36
        3⤵
        • Program crash
        PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2208-6-0x0000000005070000-0x00000000050F0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2208-0-0x0000000000080000-0x0000000000140000-memory.dmp
    Filesize

    768KB

    Download
  • memory/2208-2-0x00000000004B0000-0x00000000004F0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2208-3-0x0000000000470000-0x0000000000488000-memory.dmp
    Filesize

    96KB

    Download
  • memory/2208-4-0x00000000004A0000-0x00000000004A8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/2208-5-0x0000000000500000-0x000000000050C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/2208-1-0x00000000740A0000-0x000000007478E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2208-7-0x00000000740A0000-0x000000007478E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2208-15-0x00000000740A0000-0x000000007478E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2208-8-0x00000000004B0000-0x00000000004F0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2732-9-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize

    252KB

    Download
  • memory/2732-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2732-14-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize

    252KB

    Download
  • memory/2732-11-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize

    252KB

    Download