Overview

overview

7

Static

static

3

c26181a2d5...d0.exe

windows7-x64

7

c26181a2d5...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    12-03-2024 03:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c26181a2d565266641c9870cc7cd8fd0.exe

  • Size

    326KB

  • MD5

    c26181a2d565266641c9870cc7cd8fd0

  • SHA1

    32ad7025eaeb8e341eed34b4c00f12edae7777fd

  • SHA256

    c3a750221a703ce3cf8d451de6cde6344953fbef924f4db9b4875a46a78e0f71

  • SHA512

    70b77c394d05f6a2e6c1809f007c5421f311c54180a0d291077829461b1c4bf2966ea77a595c86313a31f517243e76f0b5c9a3f424e1e03f9dc2120a091efd54

  • SSDEEP

    6144:h7F2idZecnl20lHRxp3gRp5qPjyzoBBgkrYNkO//PxzeP4zmDVhxp:/F3Z4mxxe7qPjyzgBLrkR/ZzeQK3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c26181a2d565266641c9870cc7cd8fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\c26181a2d565266641c9870cc7cd8fd0.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\C26181~1.EXE > nul
      2⤵
        PID:2644
    • C:\Windows\SysWOW64\c26181a2d565266641c9870cc7cd8fd0.exe
      C:\Windows\SysWOW64\c26181a2d565266641c9870cc7cd8fd0.exe
      1⤵
      • Executes dropped EXE
      PID:3044

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\c26181a2d565266641c9870cc7cd8fd0.exe
      Filesize

      326KB

      MD5

      c26181a2d565266641c9870cc7cd8fd0

      SHA1

      32ad7025eaeb8e341eed34b4c00f12edae7777fd

      SHA256

      c3a750221a703ce3cf8d451de6cde6344953fbef924f4db9b4875a46a78e0f71

      SHA512

      70b77c394d05f6a2e6c1809f007c5421f311c54180a0d291077829461b1c4bf2966ea77a595c86313a31f517243e76f0b5c9a3f424e1e03f9dc2120a091efd54

      Download Submit

    • memory/3044-17-0x0000000000400000-0x0000000000495000-memory.dmp

      Filesize

      596KB

      Download

    • memory/3044-14-0x0000000000A40000-0x0000000000A94000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3044-13-0x0000000000400000-0x0000000000495000-memory.dmp

      Filesize

      596KB

      Download

    • memory/3064-6-0x0000000001F50000-0x0000000001F51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-5-0x0000000000570000-0x0000000000571000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-4-0x0000000000590000-0x0000000000591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-3-0x0000000001F60000-0x0000000001F61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-2-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-1-0x00000000004A0000-0x00000000004F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3064-10-0x0000000001F30000-0x0000000001F31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-0-0x0000000000400000-0x0000000000495000-memory.dmp

      Filesize

      596KB

      Download

    • memory/3064-7-0x0000000001F40000-0x0000000001F41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-8-0x0000000001F70000-0x0000000001F71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-15-0x0000000000400000-0x0000000000495000-memory.dmp

      Filesize

      596KB

      Download

    • memory/3064-16-0x00000000004A0000-0x00000000004F4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3064-9-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download