Overview

overview

5

Static

static

3

2dad4966cf...f3.exe

windows7-x64

5

2dad4966cf...f3.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3.exe

  • Size

    791KB

  • MD5

    c4a6297b79141d28849a7d5c3a7f046c

  • SHA1

    65fc3f8aff2aade19bc0a9c4fbd6ecaf9f94d071

  • SHA256

    2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3

  • SHA512

    b96822fb3bc8abca6c4d2301a20e730b73ab93306ee22f408a05910eb6904a9db186134986384f7a1a5462f532760d39f6bb20885e5801472726af328e166015

  • SSDEEP

    12288:xIlWET/mr9K+22BEEzFatnv1KakJkeYXrluEyfXfKDhOJodTVWWUjy0CUTrLJXgX:KWtb3BEN1QCrEEESDh9TVWFy0CQy

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3.exe
    "C:\Users\Admin\AppData\Local\Temp\2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4076
    • C:\Users\Admin\AppData\Local\Temp\2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3.exe
      "C:\Users\Admin\AppData\Local\Temp\2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3.exe"
      2⤵
        PID:2588
      • C:\Users\Admin\AppData\Local\Temp\2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3.exe
        "C:\Users\Admin\AppData\Local\Temp\2dad4966cfeff750760dbac52eb1db02b77515fe06599a756bf4bdfb6a7e9df3.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2720
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 184
          3⤵
          • Program crash
          PID:3816
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2720 -ip 2720
      1⤵
        PID:4900
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4760

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2720-11-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2720-16-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

          Download

        • memory/2720-15-0x0000000001280000-0x00000000015CA000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/4076-8-0x000000000D6F0000-0x000000000D700000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4076-4-0x0000000074D90000-0x0000000075540000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4076-5-0x0000000005850000-0x000000000585A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4076-6-0x0000000005DF0000-0x0000000005E12000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4076-7-0x0000000005AE0000-0x0000000005AEC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/4076-0-0x0000000074D9E000-0x0000000074D9F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4076-9-0x0000000005200000-0x000000000528A000-memory.dmp

          Filesize

          552KB

          Download

        • memory/4076-10-0x0000000011200000-0x000000001129C000-memory.dmp

          Filesize

          624KB

          Download

        • memory/4076-3-0x0000000005780000-0x0000000005812000-memory.dmp

          Filesize

          584KB

          Download

        • memory/4076-12-0x0000000074D9E000-0x0000000074D9F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4076-14-0x0000000074D90000-0x0000000075540000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4076-2-0x0000000005E20000-0x00000000063C4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4076-1-0x0000000000CE0000-0x0000000000DAC000-memory.dmp

          Filesize

          816KB

          Download