Resubmissions
12-11-2021 18:04
211112-wnzb8aahhm 1019-11-2020 10:08
201119-rhwlt38jrx 1018-11-2020 17:26
201118-htd4fq29va 10Analysis
-
max time kernel
1715s -
max time network
1786s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
19-11-2020 10:08
General
-
Target
OnlineInstaller.exe
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Checks for any installed AV software in registry 1 TTPs 1 IoCs
-
Drops file in System32 directory 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\OnlineInstaller.exe"C:\Users\Admin\AppData\Local\Temp\OnlineInstaller.exe"1⤵
- Checks for any installed AV software in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\OnlineInstaller.tmpC:\Users\Admin\AppData\Local\Temp\OnlineInstaller.tmp -install2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
4b042bfd9c11ab6a3fb78fa5c34f55d0
SHA1b0f506640c205d3fbcfe90bde81e49934b870eab
SHA25659c662a5207c6806046205348b22ee45da3f685fe022556716dbbd6643e61834
SHA512dae5957c8eee5ae7dd106346f7ea349771b693598f3d4d54abb39940c3d1a0b5731c8d4e07c29377838988a1e93dcd8c2946ce0515af87de61bca6de450409d3
-
MD5
4b042bfd9c11ab6a3fb78fa5c34f55d0
SHA1b0f506640c205d3fbcfe90bde81e49934b870eab
SHA25659c662a5207c6806046205348b22ee45da3f685fe022556716dbbd6643e61834
SHA512dae5957c8eee5ae7dd106346f7ea349771b693598f3d4d54abb39940c3d1a0b5731c8d4e07c29377838988a1e93dcd8c2946ce0515af87de61bca6de450409d3
-