Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    05-02-2021 14:48

General

  • Target
    ztgjaTAB.exe
  • Size
    28KB
  • MD5
    9c310afa34927179f09153add55767b6
  • SHA1
    7a36199b70cd194ac5cd0d388c6d98e16a2821f8
  • SHA256
    95094182dfdf51212b92c876fef1a796965814bb77bb514c33bbe4bc0ce3d34e
  • SHA512
    e5d6fdc59a1bb81b45fdf5283eb6438c865d5700650ec36e4844c13cdd2437072d10907c8fc71a1319755313466aace4cc4445e05bf03abed7f91fb5632e956c

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ztgjaTAB.exe
    "C:\Users\Admin\AppData\Local\Temp\ztgjaTAB.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:880

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Command and Control
    Web Service (T1102)
    1

Downloads

  • memory/880-2-0x0000000073BB0000-0x000000007429E000-memory.dmp
    Filesize 6.9MB
  • memory/880-3-0x0000000000610000-0x0000000000611000-memory.dmp
    Filesize 4KB
  • memory/880-5-0x0000000004F80000-0x0000000004F81000-memory.dmp
    Filesize 4KB
  • memory/880-6-0x00000000029D0000-0x00000000029D1000-memory.dmp
    Filesize 4KB
  • memory/880-7-0x0000000005120000-0x0000000005121000-memory.dmp
    Filesize 4KB
  • memory/880-8-0x0000000005BB0000-0x0000000005BB1000-memory.dmp
    Filesize 4KB