Overview

overview

10

Static

static

eea6030d71...74.exe

windows7_x64

10

eea6030d71...74.exe

windows10_x64

10

Analysis

  • max time kernel
    3s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    25-10-2020 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574.exe

  • Size

    63KB

  • MD5

    cb2787afad184a3aa6e43a305fd0b98b

  • SHA1

    d3acf4090423b15554c0f96585145ef718d084cc

  • SHA256

    eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574

  • SHA512

    26a1357dc85a2f0a66e42ad3eb07c2c277c76ca4bfe7e69c2a802fe4d4fd3b8d4cfa96f36f710612f27a8abe05c8a88936250ed28c7f9f05722f4b9a98016134

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574.exe
    "C:\Users\Admin\AppData\Local\Temp\eea6030d71228d173ca040b33625151834941d2605513bc097b2f553ad09e574.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1592

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads