Overview

overview

5

Static

static

3

d3f18f0a0b...74.exe

windows7-x64

5

d3f18f0a0b...74.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2024, 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174.exe

  • Size

    959KB

  • MD5

    f5b20b005cbb604eec709f984166ca68

  • SHA1

    6dc9f3042ae2074c22e0aaf2e3e3219ff90e5e94

  • SHA256

    d3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174

  • SHA512

    3602275f7ac78d2535f46ad2be0654ff8f1d653e29a66a1d59c46c629a53172edb1788384df5baebfd30208a3e71f05e153463ba753bc4f8306a4177d8f371f1

  • SSDEEP

    12288:DhX0D9CQStfAheg7w2PUXWkdzyeNaoURCReJKv0+OOt8PYuTBa7ds/VtbTUsvExU:h0DUY7TsfdHaoUR818CyPYA/bIzO9

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174.exe
    "C:\Users\Admin\AppData\Local\Temp\d3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Users\Admin\AppData\Local\Temp\d3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174.exe
      "C:\Users\Admin\AppData\Local\Temp\d3f18f0a0b2c7b7f8e365b00f804f76f0b747824086c5a9530471efd1ebf5174.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 36
        3⤵
        • Program crash
        PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1028-13-0x0000000074920000-0x000000007500E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1028-12-0x0000000074920000-0x000000007500E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1028-2-0x0000000074920000-0x000000007500E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1028-3-0x0000000005560000-0x00000000055A4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1028-4-0x000000007492E000-0x000000007492F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-5-0x0000000074920000-0x000000007500E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1028-1-0x0000000000030000-0x0000000000126000-memory.dmp

    Filesize

    984KB

    Download

  • memory/1028-6-0x00000000006A0000-0x00000000006BA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1028-15-0x0000000074920000-0x000000007500E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1028-7-0x0000000000650000-0x0000000000656000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1028-0-0x000000007492E000-0x000000007492F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-9-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2600-10-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-14-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2600-8-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2600-16-0x00000000008A0000-0x0000000000BA3000-memory.dmp

    Filesize

    3.0MB

    Download