Overview

overview

3

Static

static

3

smi_gui.exe

windows7-x64

1

smi_gui.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    5s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    smi_gui.exe

  • Size

    252KB

  • MD5

    1d89bb27ef47c0b20d7d3738c72b7585

  • SHA1

    db99aa51411357ee323c27c5889df35353820341

  • SHA256

    e0d25e982293a424a36c37dd778100785d24e24a0318e2111b2991c3a1ace120

  • SHA512

    99c98ff4af14d49e7ebceaf36842b3f024bcfa870509f64c6d7e3a2cf1fd6cfe548031b6c0823cbda602c57f9e3e8a15d804a6e8c527cd3d344357e23282d1a5

  • SSDEEP

    1536:Ya+XUOlv4HjcDPEUrSUtD272tfiH149DPEUr0JDPE7r+:Ya+EGgHgDswtaru9DsrJDse

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\smi_gui.exe
    "C:\Users\Admin\AppData\Local\Temp\smi_gui.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2276 -s 1028
      2⤵
        PID:2688

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2276-0-0x000007FEF5BD3000-0x000007FEF5BD4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2276-1-0x00000000000F0000-0x0000000000136000-memory.dmp

      Filesize

      280KB

      Download

    • memory/2276-2-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2276-6-0x0000000000450000-0x000000000045A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2276-5-0x0000000000450000-0x000000000045A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2276-4-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2276-7-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

      Filesize

      9.9MB

      Download