Analysis

  • max time kernel
    150s
  • max time network
    188s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    31-05-2021 16:57

General

  • Target
    7d8f8ec2d39a504791f4f8cdf32b37c7.exe
  • Size
    24KB
  • MD5
    7d8f8ec2d39a504791f4f8cdf32b37c7
  • SHA1
    224139cabf4b80fbca676fd4f85db24fb31d1ca6
  • SHA256
    1a433fa314830fd8efc752e98db2f4ce58403960eb5570ce7d43ca264d86b596
  • SHA512
    57d9e0b4910d7dc23520114effdef1b4dc9c99b3584c5dbada9505d744fefe95c6c39bd289075bba339568f3872344bf72ff0a558d7c1d78e15ab1061a0df7a1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d8f8ec2d39a504791f4f8cdf32b37c7.exe
    "C:\Users\Admin\AppData\Local\Temp\7d8f8ec2d39a504791f4f8cdf32b37c7.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1660

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control
    Web Service (T1102): 1

Downloads

  • memory/1660-60-0x00000000004A0000-0x00000000004A2000-memory.dmp
    Filesize: 8KB
  • memory/1660-61-0x000007FEF2E00000-0x000007FEF3E96000-memory.dmp
    Filesize: 16.6MB