Overview

overview

6

Static

static

3

example.exe

windows10-ltsc 2021-x64

6

Analysis

  • max time kernel
    98s
  • max time network
    144s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    31-10-2024 08:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    example.exe

  • Size

    47KB

  • MD5

    c6dd590bef5e5baa2dea6ab07080da4e

  • SHA1

    9aaee146e37a67498631350ff3a152dc0177d68a

  • SHA256

    44fb7552282fa3d1b429ec670a43a1c3e13a59725ffb8ddfdcb9de6c955b7bb5

  • SHA512

    1df3491cc52042d583afbfbf0ee5d464c518d5c03f8ec0830a9a5182a4462f153917f2ffd42e6abf3121530762797d592411be304db34eae24907027519a15ab

  • SSDEEP

    768:GtpfgdIk3jT0loIusLtEz710dndLGkAv5vRfjHDN:Gt54nT0la710dndgvRfHN

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\example.exe
    "C:\Users\Admin\AppData\Local\Temp\example.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c mode con cols=55 lines=15
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3532
      • C:\Windows\system32\mode.com
        mode con cols=55 lines=15
        3⤵
          PID:4244
      • C:\Users\Admin\AppData\Local\Temp\example.exe
        C:\Users\Admin\AppData\Local\Temp\example.exe
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3032

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3032-8-0x0000000140000000-0x000000014000C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/3032-9-0x0000000140000000-0x000000014000C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/3032-11-0x0000000140000000-0x000000014000C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/3032-10-0x0000000140000000-0x000000014000C000-memory.dmp

      Filesize

      48KB

      Download