Overview

overview

10

Static

static

1

v0hRSGca3D2Z7cW.exe

windows7-x64

1

v0hRSGca3D2Z7cW.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    v0hRSGca3D2Z7cW.exe

  • Size

    779KB

  • MD5

    79869ac2557f532c7db50785f59f8057

  • SHA1

    4458bc01d37a3a3feb24b8da5b9f8190356c59d8

  • SHA256

    6465b2c5702a723c7229e33fdf38676e3b0e0049b5b632e2fe6e210713f6a7e7

  • SHA512

    b2079da931d878accc6c2f7f81f07b313689bcbeccb7319a3b1fac7dcf3abfc44406a40d48215bd8d74519bed1d266a3ccb81549b5fe14bd41c4600698647fea

  • SSDEEP

    12288:HuqnHvjNIrpf9rN/mc/ChYgp70NtH95FYIqe17df6dFFHCApvlmJg0kR:H7PjKr5BNDUYgl8tdDY1qBf6d/HCApdr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe
    "C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe
      "C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe"
      2⤵
        PID:1288
      • C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe
        "C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe"
        2⤵
          PID:2528
        • C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe
          "C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe"
          2⤵
            PID:2260
          • C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe
            "C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe"
            2⤵
              PID:1340
            • C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe
              "C:\Users\Admin\AppData\Local\Temp\v0hRSGca3D2Z7cW.exe"
              2⤵
                PID:2060

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2952-0-0x00000000003A0000-0x0000000000464000-memory.dmp
              Filesize

              784KB

              Download
            • memory/2952-1-0x0000000074AA0000-0x000000007518E000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/2952-2-0x0000000004D60000-0x0000000004DA0000-memory.dmp
              Filesize

              256KB

              Download
            • memory/2952-3-0x0000000000480000-0x00000000004A0000-memory.dmp
              Filesize

              128KB

              Download
            • memory/2952-4-0x00000000004B0000-0x00000000004C4000-memory.dmp
              Filesize

              80KB

              Download
            • memory/2952-5-0x0000000004E80000-0x0000000004EF6000-memory.dmp
              Filesize

              472KB

              Download
            • memory/2952-6-0x0000000074AA0000-0x000000007518E000-memory.dmp
              Filesize

              6.9MB

              Download