Overview

overview

10

Static

static

3

804e6c9e35...31.exe

windows7-x64

3

804e6c9e35...31.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    804e6c9e35ced60e4f63166b0b1e6431.exe

  • Size

    404KB

  • MD5

    804e6c9e35ced60e4f63166b0b1e6431

  • SHA1

    0617a7247a93933fa72cc17a369467a393847734

  • SHA256

    696f8a6a73cfa9a84daf49781b0bd93e3a6ce36cda1330450b511706983dccb4

  • SHA512

    0db3813f8fc5df8ed83a93ba44927e7e8134b5c30a45bcb0f3d003f92a04ebbfb81310fa79481c583a05638ce5b0ed0dead9ec9c07d71cb0ed2a4a424e26c184

  • SSDEEP

    12288:6aOR+AzP3tHBHxFnT+VQaL95JcrzQURul5lAbUJ8EVPG:6T8ATlBRkVz9IzjR6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\804e6c9e35ced60e4f63166b0b1e6431.exe
    "C:\Users\Admin\AppData\Local\Temp\804e6c9e35ced60e4f63166b0b1e6431.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windo 1 -noexit -exec bypass -file "C:\Users\Public\weHtmYs.ps1"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1596

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\weHtmYs.ps1
    Filesize

    24KB

    MD5

    54c60141db7cc6351f76dd7fed19a575

    SHA1

    5336083aee420b40d3ebb3eab56a4afd7d0fc9bc

    SHA256

    869f514fecc74a2444b49990f0a975c681af67b946a66c13af77d8bc14e45a11

    SHA512

    a34157249f6b6f462c98cd587abdb9914e50515de5953197ee15fb81bd7b57ef48aff470fee806f258f34b1e29b56f521ac3eb092d678348bcc27f3de60e0f96

    Download Submit
  • memory/1596-9-0x0000000001CA0000-0x0000000001CE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1596-6-0x0000000073310000-0x00000000738BB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/1596-7-0x0000000073310000-0x00000000738BB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/1596-8-0x0000000001CA0000-0x0000000001CE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1596-10-0x0000000001CA0000-0x0000000001CE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1596-12-0x0000000073310000-0x00000000738BB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/1596-13-0x0000000001CA0000-0x0000000001CE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1596-15-0x0000000001CA0000-0x0000000001CE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1596-14-0x0000000001CA0000-0x0000000001CE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1996-3-0x00000000744D0000-0x0000000074BBE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1996-0-0x0000000000070000-0x00000000000DC000-memory.dmp
    Filesize

    432KB

    Download
  • memory/1996-1-0x00000000744D0000-0x0000000074BBE000-memory.dmp
    Filesize

    6.9MB

    Download