Overview

overview

10

Static

static

10

ZYUkX7F4.exe

windows7_x64

1

ZYUkX7F4.exe

windows10_x64

1

Analysis

  • max time kernel
    135s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    08-12-2020 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ZYUkX7F4.exe

  • Size

    17KB

  • MD5

    f7e9367898ed6ae0b7a8ad4d90cdacca

  • SHA1

    339bca20aec5892a8b1cfa37fa9bae20b3286bd3

  • SHA256

    f709f443072b224af79f87bcf68c9ab90ff3c9b5823e6b7f3bd91f9af97c78ad

  • SHA512

    f0e8ad39d1fee942f70e0e65b1647932265d80c0605fc2b7c51ad551daf241a484363c4a18f52dd2794f108b09d1ca2e21afe11eb6e8095518d1cc8a5e90426b

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ZYUkX7F4.exe
    "C:\Users\Admin\AppData\Local\Temp\ZYUkX7F4.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:648

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/648-2-0x000007FEF5C60000-0x000007FEF65FD000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/648-3-0x000007FEF5C60000-0x000007FEF65FD000-memory.dmp
    Filesize

    9.6MB

    Download