Analysis
-
max time kernel
106s -
max time network
93s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
07-04-2021 04:47
General
-
Target
dl8.exe
-
Size
271KB
-
MD5
0a6e27aa3415f502af6585bddf7e0d3e
-
SHA1
a8bdb01ef8a6e75ec200c5d4f6d9f32539dca9f2
-
SHA256
210c46aae3d71ecbac79447d124d895dded804c08342b17258cd4b400b0bebe0
-
SHA512
abd3b3d4e6251fe5231bf45186b43cb1d4aa5dc36fd79e71e4bf010d9adfbf2c6837d4606795be97a00911cd5d06326d7ed38656dbe7827ed33a59b0f140d479
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dl8.exe"C:\Users\Admin\AppData\Local\Temp\dl8.exe"1⤵
-
C:\Windows\system32\notepad.exe"C:\Windows\system32\notepad.exe"1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-file" "C:\Users\Admin\Desktop\PingTest.ps1" "-Command" "if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1012-4-0x000007FEF63D0000-0x000007FEF664A000-memory.dmpFilesize
2.5MB
-
memory/1428-2-0x000007FEFBF81000-0x000007FEFBF83000-memory.dmpFilesize
8KB
-
memory/1588-5-0x000007FEF5740000-0x000007FEF612C000-memory.dmpFilesize
9.9MB
-
memory/1588-6-0x0000000002270000-0x0000000002271000-memory.dmpFilesize
4KB
-
memory/1588-7-0x000000001AB60000-0x000000001AB61000-memory.dmpFilesize
4KB
-
memory/1588-8-0x0000000002450000-0x0000000002451000-memory.dmpFilesize
4KB
-
memory/1588-9-0x0000000002600000-0x0000000002602000-memory.dmpFilesize
8KB
-
memory/1588-10-0x0000000002604000-0x0000000002606000-memory.dmpFilesize
8KB
-
memory/1588-11-0x00000000022B0000-0x00000000022B1000-memory.dmpFilesize
4KB