Analysis

  • max time kernel
    105s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    31-05-2021 16:57

General

  • Target

    7d8f8ec2d39a504791f4f8cdf32b37c7.exe

  • Size

    24KB

  • MD5

    7d8f8ec2d39a504791f4f8cdf32b37c7

  • SHA1

    224139cabf4b80fbca676fd4f85db24fb31d1ca6

  • SHA256

    1a433fa314830fd8efc752e98db2f4ce58403960eb5570ce7d43ca264d86b596

  • SHA512

    57d9e0b4910d7dc23520114effdef1b4dc9c99b3584c5dbada9505d744fefe95c6c39bd289075bba339568f3872344bf72ff0a558d7c1d78e15ab1061a0df7a1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d8f8ec2d39a504791f4f8cdf32b37c7.exe
    "C:\Users\Admin\AppData\Local\Temp\7d8f8ec2d39a504791f4f8cdf32b37c7.exe"
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:3680

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    Query Registry (1) T1012
    System Information Discovery (1) T1082
  • Command and Control
    Web Service (1) T1102

Downloads

  • memory/3680-114-0x0000000002A60000-0x0000000002A62000-memory.dmp
    Filesize

    8KB