Overview

overview

7

Static

static

3

PI for #13288.scr

windows7-x64

5

PI for #13288.scr

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    12-03-2024 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PI for #13288.scr

  • Size

    744KB

  • MD5

    ab74b52d1ea5ef201a973d429a1ea391

  • SHA1

    f49e82b818294e34759e96f673f0ccbdb7664f8b

  • SHA256

    dff16015060738ff6ca68093a23d4cd57e91af191a2398ac1afa00dcb4e4903f

  • SHA512

    16aa2fc0e81fae9b1d3c78e5e2819111278707a6fea5cadd80ca79c2392c54269562892d939a809ece5c18fe1e7e5cb904353988ef4933260dc488616c263604

  • SSDEEP

    12288:WHsJTENl3lVIEF/PWt/VEfR5IdJ84LjS57V+RWL6kg6HjagyxbDyQBU3tgp:jxENlHF/s9EXIdJ84izUkg6HjagyNUt

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr
      "C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr" /S
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3012
      • C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr
        "C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr"
        3⤵
          PID:2660
        • C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr
          "C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr"
          3⤵
            PID:2672
          • C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr
            "C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr"
            3⤵
              PID:2700
            • C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr
              "C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr"
              3⤵
                PID:2716
              • C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr
                "C:\Users\Admin\AppData\Local\Temp\PI for #13288.scr"
                3⤵
                • Suspicious use of SetThreadContext
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: MapViewOfSection
                PID:2856
            • C:\Windows\SysWOW64\regsvr32.exe
              "C:\Windows\SysWOW64\regsvr32.exe"
              2⤵
              • Suspicious use of SetThreadContext
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: MapViewOfSection
              PID:2472

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1196-25-0x0000000003110000-0x0000000003210000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1196-26-0x0000000008DF0000-0x000000000B9CC000-memory.dmp

            Filesize

            43.9MB

            Download

          • memory/1196-34-0x0000000008DF0000-0x000000000B9CC000-memory.dmp

            Filesize

            43.9MB

            Download

          • memory/2364-0-0x00000000001E0000-0x000000000029C000-memory.dmp

            Filesize

            752KB

            Download

          • memory/2364-14-0x0000000074550000-0x0000000074C3E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2364-5-0x0000000000610000-0x000000000061E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2364-6-0x00000000051C0000-0x000000000524C000-memory.dmp

            Filesize

            560KB

            Download

          • memory/2364-1-0x0000000074550000-0x0000000074C3E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2364-3-0x0000000000580000-0x000000000059C000-memory.dmp

            Filesize

            112KB

            Download

          • memory/2364-2-0x00000000005B0000-0x00000000005F0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2364-4-0x00000000005F0000-0x00000000005FC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2472-33-0x0000000001F20000-0x0000000001FC0000-memory.dmp

            Filesize

            640KB

            Download

          • memory/2472-32-0x0000000000090000-0x00000000000D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2472-31-0x0000000002710000-0x0000000002A13000-memory.dmp

            Filesize

            3.0MB

            Download

          • memory/2472-28-0x0000000000090000-0x00000000000D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2472-27-0x0000000000090000-0x00000000000D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2472-35-0x0000000000090000-0x00000000000D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2856-8-0x0000000000400000-0x0000000000443000-memory.dmp

            Filesize

            268KB

            Download

          • memory/2856-11-0x0000000000400000-0x0000000000443000-memory.dmp

            Filesize

            268KB

            Download

          • memory/2856-22-0x0000000000400000-0x0000000000443000-memory.dmp

            Filesize

            268KB

            Download

          • memory/2856-23-0x0000000000400000-0x0000000000443000-memory.dmp

            Filesize

            268KB

            Download

          • memory/2856-21-0x0000000000400000-0x0000000000443000-memory.dmp

            Filesize

            268KB

            Download

          • memory/2856-24-0x0000000000370000-0x0000000000391000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2856-7-0x0000000000400000-0x0000000000443000-memory.dmp

            Filesize

            268KB

            Download

          • memory/2856-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2856-16-0x0000000000990000-0x0000000000C93000-memory.dmp

            Filesize

            3.0MB

            Download

          • memory/2856-30-0x0000000000370000-0x0000000000391000-memory.dmp

            Filesize

            132KB

            Download

          • memory/2856-29-0x0000000000400000-0x0000000000443000-memory.dmp

            Filesize

            268KB

            Download

          • memory/3012-20-0x000000006F4B0000-0x000000006FA5B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/3012-15-0x000000006F4B0000-0x000000006FA5B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/3012-17-0x0000000002C30000-0x0000000002C70000-memory.dmp

            Filesize

            256KB

            Download

          • memory/3012-18-0x000000006F4B0000-0x000000006FA5B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/3012-19-0x0000000002C30000-0x0000000002C70000-memory.dmp

            Filesize

            256KB

            Download