Analysis

- max time kernel: 9s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 19-01-2021 16:18

Static task: static1

Behavioral task: behavioral1
- Sample: aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
- Resource: win10v20201028 (windows10_x64)
- 0 signatures
- 0 seconds
General

- Target: aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
- Size: 215KB
- MD5: db3f95f2c39e8547f1fa72c608a8be11
- SHA1: 12c449b97c31faf2a43bd8eb3e91e9b1fd15672c
- SHA256: 25f6ed9bb32723c139d4abfccf345db631a8483dde664eabd956071ee4b08de4
- SHA512: d72698da82a4d80e460405101b7de3ec33b4d9baa9be3fe53950c3d9d46646e3d4722767d094d2754bdb29cdec7aadcd985df3fe10d01f4d72d521bf0b5fc0ee
- Score: 1/10
Malware Config

Signatures

- Suspicious behavior: EnumeratesProcesses (2 IoCs)

  pid   process
  1740  aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
  1740  aLjBjGUvWecwGptNRQryBtRBaVCtO.exe

- Suspicious use of AdjustPrivilegeToken (1 IoC)

  description              pid   process
  Token: SeDebugPrivilege  1740  aLjBjGUvWecwGptNRQryBtRBaVCtO.exe

- Suspicious use of WriteProcessMemory (4 IoCs)

  description                      pid   process                            target process
  PID 1740 wrote to memory of 328  1740  aLjBjGUvWecwGptNRQryBtRBaVCtO.exe  dw20.exe
  PID 1740 wrote to memory of 328  1740  aLjBjGUvWecwGptNRQryBtRBaVCtO.exe  dw20.exe
  PID 1740 wrote to memory of 328  1740  aLjBjGUvWecwGptNRQryBtRBaVCtO.exe  dw20.exe
  PID 1740 wrote to memory of 328  1740  aLjBjGUvWecwGptNRQryBtRBaVCtO.exe  dw20.exe
Processes

- (depth 1) C:\Users\Admin\AppData\Local\Temp\aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\aLjBjGUvWecwGptNRQryBtRBaVCtO.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - (depth 2) C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    command line: dw20.exe -x -s 516

Note: the trailing digit before the arrow on each tree line is the depth in the process tree, so the child's argument is "-s 516", not "-s 5162". PID 328, the target of all four WriteProcessMemory events in the Signatures section, is this dw20.exe child (the memory dumps listed under Downloads are likewise for PIDs 328 and 1740 only). dw20.exe in the .NET Framework directory is the .NET Framework error-reporting shim that the runtime launches when a managed application terminates on an unhandled exception; a parent writing into a child it has just created is what process creation looks like from the sandbox's hook and is consistent with the 1/10 score, not by itself evidence of injection into an unrelated process.
Network
MITRE ATT&CK Matrix
Downloads

- memory/328-4-0x0000000000000000-mapping.dmp
- memory/328-5-0x0000000001D20000-0x0000000001D31000-memory.dmp (Filesize 68KB)
- memory/328-7-0x0000000001D90000-0x0000000001D91000-memory.dmp (Filesize 4KB)
- memory/1740-2-0x00000000766F1000-0x00000000766F3000-memory.dmp (Filesize 8KB)
- memory/1740-3-0x00000000004D0000-0x00000000004D1000-memory.dmp (Filesize 4KB)
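The three flattened sections of this report (the WriteProcessMemory rows under Signatures, the process tree under Processes, and the memory-dump list under Downloads) parsed into records, as an added example that is not part of the Triage report or its tooling. The input strings are copied from the report text as extraction left it; the two checks at the end (write targets that are not children the sample spawned, and dump sizes compared against their address ranges) are this example's own, and the single-digit depth parsing assumes a process tree shallower than ten levels.

```python
"""Parse the flattened Triage sections above (WriteProcessMemory rows, process
tree, memory dumps) into records and run two sanity checks. Added example; not
part of the report. Input strings are constructed from the report text."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input, copied from the report. Extraction fused the table cells:
# path + command line + depth digit + ⤵ on one line, and "Filesize" onto the dump name.
WPM_ROWS = """
PID 1740 wrote to memory of 328 1740 aLjBjGUvWecwGptNRQryBtRBaVCtO.exe dw20.exe
PID 1740 wrote to memory of 328 1740 aLjBjGUvWecwGptNRQryBtRBaVCtO.exe dw20.exe
PID 1740 wrote to memory of 328 1740 aLjBjGUvWecwGptNRQryBtRBaVCtO.exe dw20.exe
PID 1740 wrote to memory of 328 1740 aLjBjGUvWecwGptNRQryBtRBaVCtO.exe dw20.exe
"""
PROCESS_TREE = r"""
C:\Users\Admin\AppData\Local\Temp\aLjBjGUvWecwGptNRQryBtRBaVCtO.exe"C:\Users\Admin\AppData\Local\Temp\aLjBjGUvWecwGptNRQryBtRBaVCtO.exe"1⤵
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 5162⤵
"""
DUMPS = """
memory/328-4-0x0000000000000000-mapping.dmp
memory/328-5-0x0000000001D20000-0x0000000001D31000-memory.dmpFilesize 68KB
memory/328-7-0x0000000001D90000-0x0000000001D91000-memory.dmpFilesize 4KB
memory/1740-2-0x00000000766F1000-0x00000000766F3000-memory.dmpFilesize 8KB
memory/1740-3-0x00000000004D0000-0x00000000004D1000-memory.dmpFilesize 4KB
"""


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    src_name: str
    dst_pid: int
    dst_name: str


@dataclass(frozen=True)
class TreeNode:
    path: str      # image path as shown in the tree
    cmdline: str   # command line that followed it on the same line
    depth: int     # 1 = root sample, 2 = child, ...


@dataclass(frozen=True)
class Dump:
    pid: int
    start: int
    end: Optional[int]          # None for the "mapping" dump, which has no range
    reported_kb: Optional[int]  # "Filesize NNKB" if the report printed one


WPM_RE = re.compile(r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
                    r"(?P<src_name>\S+) (?P<dst_name>\S+)$")
# The depth is the single digit right before ⤵ (assumption: tree shallower than
# 10 levels). A greedy \d+ would swallow "5162" and misparse "-s 516" as "-s 5162".
TREE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?P<cmd>.+?)(?P<depth>\d)⤵$")
DUMP_RE = re.compile(r"^memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)"
                     r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?:mapping|memory)\.dmp"
                     r"(?:Filesize (?P<kb>\d+)KB)?$")


def _lines(text: str) -> List[str]:
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def _match(rx: "re.Pattern[str]", line: str) -> "re.Match[str]":
    m = rx.match(line)
    if m is None:  # fail loudly rather than silently dropping an IoC row
        raise ValueError(f"unparsed report line: {line!r}")
    return m


def parse_write_events(text: str) -> List[WriteEvent]:
    return [WriteEvent(int(m["src"]), m["src_name"], int(m["dst"]), m["dst_name"])
            for m in (_match(WPM_RE, ln) for ln in _lines(text))]


def parse_process_tree(text: str) -> List[TreeNode]:
    return [TreeNode(m["path"], m["cmd"], int(m["depth"]))
            for m in (_match(TREE_RE, ln) for ln in _lines(text))]


def parse_dumps(text: str) -> List[Dump]:
    out = []
    for m in (_match(DUMP_RE, ln) for ln in _lines(text)):
        end = int(m["end"], 16) if m["end"] else None
        kb = int(m["kb"]) if m["kb"] else None
        out.append(Dump(int(m["pid"]), int(m["start"], 16), end, kb))
    return out


def write_targets_outside_tree(events: List[WriteEvent], tree: List[TreeNode]) -> List[str]:
    """Image names the sample wrote into that are NOT children it spawned.
    Writes into a freshly created child are what CreateProcess looks like;
    a target absent from the tree would be a pre-existing process, i.e. the
    injection case that deserves a closer look."""
    spawned = {n.path.rsplit("\\", 1)[-1].lower() for n in tree if n.depth >= 2}
    return sorted({e.dst_name.lower() for e in events} - spawned)


def dump_size_mismatches(dumps: List[Dump]) -> List[Dump]:
    """Dumps whose address range disagrees with the Filesize the report prints."""
    return [d for d in dumps if d.end is not None and d.reported_kb is not None
            and (d.end - d.start) // 1024 != d.reported_kb]


if __name__ == "__main__":
    ev, tree, dumps = parse_write_events(WPM_ROWS), parse_process_tree(PROCESS_TREE), parse_dumps(DUMPS)
    for n in tree:
        print(f"{'  ' * (n.depth - 1)}{n.path}  [{n.cmdline}]")
    print("write targets outside tree:", write_targets_outside_tree(ev, tree))
    print("dump size mismatches:", dump_size_mismatches(dumps))
```

For this report both checks come back empty: the only write target is the dw20.exe child at depth 2, and every ranged dump's size equals its address range (for example 0x1D31000 - 0x1D20000 = 0x11000 bytes = 68KB). The same parsers apply unchanged to other flattened Triage reports of this layout.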