Resubmissions

16-11-2022 11:58

221116-n5aq7aad43 8

09-10-2020 13:09

201009-kl8as1qf7e 8

Analysis

  • max time kernel
    14s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    09-10-2020 13:09

General

  • Target

    9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe

  • Size

    6.0MB

  • MD5

    127e7dce984cc0acea750746b485c101

  • SHA1

    2e920f4583c38f811fdad739ebaf5064badec42d

  • SHA256

    9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d

  • SHA512

    408196e79f98a68961c478d0125f5c7b76b9979c26c23a767fc605bd2fc5cdad64a72d3a3c06e2c934f3c86b70e662b3bd27a4b818dc75f4daea923c586d4eb6

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 24 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe"
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID: 3488

Network

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 1
