Analysis
-
max time kernel
141s -
max time network
144s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
29-05-2020 11:13
General
-
Target
1003.exe
-
Size
255KB
-
MD5
0246bb54723bd4a49444aa4ca254845a
-
SHA1
151382e82fbcfdf188b347911bd6a34293c14878
-
SHA256
8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b
-
SHA512
8b920699602ad00015ececf7f58a181e311a6726aece237de86fcc455d0e6fcb587fe46f6ef2e86a34fe1c52d835c5e2a547874a7906315247f07daa30e4323a
Score
8/10
Malware Config
Signatures
-
Kills process with taskkill 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run entry to start application 2 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1003.exe"C:\Users\Admin\AppData\Local\Temp\1003.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Adds Run entry to start application
-
C:\Users\Admin\AppData\Roaming\E25D2A1F72.exe"C:\Users\Admin\AppData\Roaming\E25D2A1F72.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
- Executes dropped EXE
- Adds Run entry to start application
-
C:\Windows\system32\taskkill.exe"taskkill" /F /IM 1003.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\E25D2A1F72.exe
-
C:\Users\Admin\AppData\Roaming\E25D2A1F72.exe
-
memory/1092-1-0x0000000000000000-0x0000000000000000-disk.dmp