Analysis
max time kernel: 146s
max time network: 150s
platform: windows10_x64
resource: win10v20201028
submitted: 05-02-2021 14:48
Static task: static1
Behavioral task: behavioral1
Sample: ztgjaTAB.exe
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: ztgjaTAB.exe
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General
Target: ztgjaTAB.exe
Size: 28KB
MD5: 9c310afa34927179f09153add55767b6
SHA1: 7a36199b70cd194ac5cd0d388c6d98e16a2821f8
SHA256: 95094182dfdf51212b92c876fef1a796965814bb77bb514c33bbe4bc0ce3d34e
SHA512: e5d6fdc59a1bb81b45fdf5283eb6438c865d5700650ec36e4844c13cdd2437072d10907c8fc71a1319755313466aace4cc4445e05bf03abed7f91fb5632e956c
Score: 6/10
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description | pid | process
Token: SeDebugPrivilege | 880 | ztgjaTAB.exe
Token: SeDebugPrivilege | 880 | ztgjaTAB.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/880-2-0x0000000073BB0000-0x000000007429E000-memory.dmp (Filesize 6.9MB)
- memory/880-3-0x0000000000610000-0x0000000000611000-memory.dmp (Filesize 4KB)
- memory/880-5-0x0000000004F80000-0x0000000004F81000-memory.dmp (Filesize 4KB)
- memory/880-6-0x00000000029D0000-0x00000000029D1000-memory.dmp (Filesize 4KB)
- memory/880-7-0x0000000005120000-0x0000000005121000-memory.dmp (Filesize 4KB)
- memory/880-8-0x0000000005BB0000-0x0000000005BB1000-memory.dmp (Filesize 4KB)