Overview

overview

7

Static

static

3

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2024 20:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    539KB

  • MD5

    9d4d3e9107fab87e6b86d8ad6cfc8244

  • SHA1

    841e2183ebee75b32319ce7cf81f82f8d2ca3cea

  • SHA256

    a6516b7a67fd64731c893ad8ee12c2878673841cbb756a8e597812da52b08027

  • SHA512

    e9da618fa873db7a2b5ab4813db6ef6bd0c2356c4682c9415b9b62dc192e1fc8e5fee423c698cc3695e665e2699664c68c8041746ad0e51753309a9bc21eecf3

  • SSDEEP

    12288:v5d20CeBNGZiM1KVO0VeUOmC5sf52gpc/6ZpKS9fJsM9gQ07DG2iHh9v7zZwZE+t:xd20rwZiM1d0V78m4WL

Score
7/10
spyware

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4312
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\d3d9.dll
    Filesize

    923KB

    MD5

    e496eb04f812481319e7ebc5f64c253b

    SHA1

    029b852d41223c4c246f51026acbf7b6b7856d28

    SHA256

    1233aaf0fd000edcfaf0e4f96f1878fea2d8defab0d6c26cfae7167c21c4ba93

    SHA512

    edb5becec9a2292e9c982eb7b1dfc0f0e473a1800425245738d689bec2b3ac3c4f21e8074a4308c38a21dbd77216242708302ed98feb128e8cbde818a6c0dd85

    Download Submit

  • memory/1332-24-0x0000000009100000-0x0000000009176000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1332-23-0x00000000087C0000-0x0000000008826000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1332-17-0x0000000074D30000-0x00000000754E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1332-9-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/1332-18-0x00000000089E0000-0x0000000008FF8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1332-29-0x0000000074D30000-0x00000000754E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1332-14-0x0000000074D30000-0x00000000754E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1332-13-0x0000000005750000-0x0000000005CF4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1332-15-0x00000000052A0000-0x0000000005332000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1332-19-0x0000000008530000-0x000000000863A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1332-27-0x000000000A7E0000-0x000000000AD0C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/1332-26-0x000000000A0E0000-0x000000000A2A2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1332-16-0x0000000005380000-0x000000000538A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1332-20-0x0000000008470000-0x0000000008482000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1332-21-0x00000000084D0000-0x000000000850C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1332-22-0x0000000008640000-0x000000000868C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1332-25-0x00000000089A0000-0x00000000089BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4312-0-0x0000000074D3E000-0x0000000074D3F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4312-2-0x0000000003330000-0x0000000003336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4312-30-0x0000000074D30000-0x00000000754E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4312-1-0x0000000000EB0000-0x0000000000F3E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/4312-12-0x0000000074D30000-0x00000000754E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4312-11-0x00000000777D1000-0x00000000778F1000-memory.dmp

    Filesize

    1.1MB

    Download