Analysis

  • max time kernel
    13s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-12-2020 06:18

General

  • Target

    38nPFNXf.exe

  • Size

    101KB

  • MD5

    c6e9d1c5ceaea3d5d95f528e963a61fa

  • SHA1

    ba3470fe5a55fae38359d8db822759e461808228

  • SHA256

    202ece775db1ba2d03b0a2dce3572ebef19f6ba2bdc0a19a16e988bd5efae171

  • SHA512

    65e8ef7dd9c2c8cc59ac7f552843d9c8b487430b04e11724ad81dfc662d9da3e57e452857801dd465ab5279d83e985ac5700258e397550dd0ccc5b3f66bf649b

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38nPFNXf.exe
    "C:\Users\Admin\AppData\Local\Temp\38nPFNXf.exe"
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:4764

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 1

Downloads

  • memory/4764-2-0x00007FFBE4670000-0x00007FFBE5010000-memory.dmp
    Filesize

    9.6MB