be95c3b8c727bf769a9ef892c42ff2a3ed9fe764d3297f3214e715e243c69995

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BANK INFORMATION.exe
Size

780KB
MD5

210f37c353be6b2739eaba795cd9b65a
SHA1

20bc7ff1b8e44e954290cd243d5f4eecb165b52a
SHA256

46ace3d6e4ad85d164526928dfc1827743f1f9caa7b46d342e211b807afaf55a
SHA512

ab96d81281aa8f09d86df31dd1bf900097e26778c6e3a557e746478fbc1fd3b0968aa0ea5891ff9f25abec373db9f6becf48edefa936abe7f0f06215b1bda2cd
SSDEEP

12288:R6rKqn3qGaNHEyC9/oR9gy5FHK7z9LQ5rMsYPCy+CobTDcQLiKE3dcF+P5FXpucl:RuKKPp9AR95yZAMszyiTDVWKE3zPX

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

BANK INFORMATION.exe

pid process

2504 BANK INFORMATION.exe
2504 BANK INFORMATION.exe
2504 BANK INFORMATION.exe
2504 BANK INFORMATION.exe
2504 BANK INFORMATION.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

BANK INFORMATION.exe

description pid process

Token: SeDebugPrivilege 2504 BANK INFORMATION.exe

pid	process
2504	BANK INFORMATION.exe
2504	BANK INFORMATION.exe
2504	BANK INFORMATION.exe
2504	BANK INFORMATION.exe
2504	BANK INFORMATION.exe

description	pid	process
Token: SeDebugPrivilege	2504	BANK INFORMATION.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

BANK INFORMATION.exe

description	pid	process	target process
PID 2504 wrote to memory of 2656	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2656	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2656	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2656	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2588	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2588	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2588	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2588	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2472	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2472	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2472	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2472	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2532	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2532	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2532	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2532	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2416	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2416	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2416	2504	BANK INFORMATION.exe	BANK INFORMATION.exe
PID 2504 wrote to memory of 2416	2504	BANK INFORMATION.exe	BANK INFORMATION.exe

C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe
"C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2504

C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe
"C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe"
2⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe
"C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe"
2⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe
"C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe"
2⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe
"C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe"
2⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe
"C:\Users\Admin\AppData\Local\Temp\BANK INFORMATION.exe"
2⤵
PID:2416

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2504-0-0x00000000003C0000-0x0000000000488000-memory.dmp

Filesize
800KB

Download
memory/2504-1-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download
memory/2504-2-0x0000000004EB0000-0x0000000004EF0000-memory.dmp

Filesize
256KB

Download
memory/2504-3-0x00000000005F0000-0x0000000000606000-memory.dmp

Filesize
88KB

Download
memory/2504-4-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download
memory/2504-5-0x0000000004EB0000-0x0000000004EF0000-memory.dmp

Filesize
256KB

Download
memory/2504-6-0x0000000005F70000-0x0000000005FFC000-memory.dmp

Filesize
560KB

Download
memory/2504-7-0x0000000002020000-0x0000000002044000-memory.dmp

Filesize
144KB

Download
memory/2504-8-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads