Analysis
-
max time kernel
131s -
max time network
132s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
19-04-2021 15:48
General
-
Target
SKM_DD3350191107102300.exe
-
Size
457KB
-
MD5
a5e9d51ec0c2752e94ccbbf452100a5e
-
SHA1
548a7e639da0966d1ecd1d4b92e6e527e8b62f53
-
SHA256
891963a81a44a4539492b1c7aaa3c0ff69a758ecafa6968cd242dc62982cc446
-
SHA512
8da6df239103cd6fcaea505e8a97eeb9ecf3338878513dbaa195bd82c82853f5d5aa5e599e43162e4f3d2429c3ab8610526595a8e35eb13ec1f2a3f5e0e5e74a
Score
7/10
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SKM_DD3350191107102300.exe"C:\Users\Admin\AppData\Local\Temp\SKM_DD3350191107102300.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/808-114-0x0000000000020000-0x0000000000021000-memory.dmpFilesize
4KB
-
memory/808-116-0x0000000004ED0000-0x0000000004ED1000-memory.dmpFilesize
4KB
-
memory/808-117-0x0000000004A70000-0x0000000004A71000-memory.dmpFilesize
4KB
-
memory/808-118-0x0000000004B10000-0x0000000004B11000-memory.dmpFilesize
4KB
-
memory/808-119-0x00000000049D0000-0x0000000004ECE000-memory.dmpFilesize
5.0MB
-
memory/808-121-0x0000000005E40000-0x0000000005E61000-memory.dmpFilesize
132KB
-
memory/808-122-0x0000000005EF0000-0x0000000005EF1000-memory.dmpFilesize
4KB
-
memory/808-123-0x0000000005E00000-0x0000000005E01000-memory.dmpFilesize
4KB
-
memory/808-124-0x00000000049D0000-0x0000000004ECE000-memory.dmpFilesize
5.0MB