Overview

overview

10

Static

static

10

5907026171...c0.exe

windows7-x64

9

5907026171...c0.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    02/05/2024, 01:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5907026171021689f041dd8ad2a1533e8fb87910f695d811772be619f3b98dc0.exe

  • Size

    56KB

  • MD5

    4f561433fb2f2231a7ac54139d0cf5f0

  • SHA1

    93c83697ccad4978de499290eb6e452d6bc30c8e

  • SHA256

    5907026171021689f041dd8ad2a1533e8fb87910f695d811772be619f3b98dc0

  • SHA512

    a2e8ab0253150a0f9aabd95fffb92d3e3b91e2c280c6f2bbe56192edadaa1270e40b857ddaf4b44810b3e01ae2bc9d8227c4b0deb85197cfef652917d11b871b

  • SSDEEP

    768:n6rMP5D+rgR4vZdidsAtMnhHzfOe+bF/ZUrExMIh:dP5DCvkeZT+b/oE+I

Score
9/10

Malware Config

Signatures

  • Detects executables packed with SmartAssembly 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5907026171021689f041dd8ad2a1533e8fb87910f695d811772be619f3b98dc0.exe
    "C:\Users\Admin\AppData\Local\Temp\5907026171021689f041dd8ad2a1533e8fb87910f695d811772be619f3b98dc0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
      2⤵
        PID:2808
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C mkdir "C:\Users\Admin\AppData\Roaming\MicrosoftTools"
        2⤵
          PID:2348
        • C:\Windows\SysWOW64\cmd.exe
          "cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\MicrosoftTools\MicrosoftTools.exe'" /f
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2692
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\MicrosoftTools\MicrosoftTools.exe'" /f
            3⤵
            • Creates scheduled task(s)
            PID:2716
        • C:\Windows\SysWOW64\cmd.exe
          "cmd.exe" /C copy "C:\Users\Admin\AppData\Local\Temp\5907026171021689f041dd8ad2a1533e8fb87910f695d811772be619f3b98dc0.exe" "C:\Users\Admin\AppData\Roaming\MicrosoftTools\MicrosoftTools.exe"
          2⤵
            PID:2920
        • C:\Windows\system32\taskeng.exe
          taskeng.exe {DDFFD2DC-2EF4-40B0-AAB1-196CDDFE36A8} S-1-5-21-2721934792-624042501-2768869379-1000:BISMIZHX\Admin:Interactive:[1]
          1⤵
            PID:2724

          Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/1720-0-0x00000000744CE000-0x00000000744CF000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/1720-1-0x0000000000830000-0x0000000000842000-memory.dmp

                  Filesize

                  72KB

                  Download

                • memory/1720-2-0x00000000744C0000-0x0000000074BAE000-memory.dmp

                  Filesize

                  6.9MB

                  Download

                • memory/1720-3-0x00000000744C0000-0x0000000074BAE000-memory.dmp

                  Filesize

                  6.9MB

                  Download

                • memory/1720-13-0x00000000744C0000-0x0000000074BAE000-memory.dmp

                  Filesize

                  6.9MB

                  Download

                • memory/2808-4-0x0000000000080000-0x0000000000085000-memory.dmp

                  Filesize

                  20KB

                  Download

                • memory/2808-8-0x0000000000080000-0x0000000000085000-memory.dmp

                  Filesize

                  20KB

                  Download

                • memory/2808-7-0x0000000000080000-0x0000000000085000-memory.dmp

                  Filesize

                  20KB

                  Download

                • memory/2808-6-0x0000000000080000-0x0000000000085000-memory.dmp

                  Filesize

                  20KB

                  Download

                • memory/2808-9-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2808-10-0x0000000000080000-0x0000000000085000-memory.dmp

                  Filesize

                  20KB

                  Download