Overview

overview

10

Static

static

10

32ecfe02df...07.exe

windows7_x64

10

32ecfe02df...07.exe

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    24-07-2021 17:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32ecfe02dff3f6e8ca454c6d1d9b3d07.exe

  • Size

    47KB

  • MD5

    32ecfe02dff3f6e8ca454c6d1d9b3d07

  • SHA1

    6a8a9c9703e474a6a6a8249271a33c275cbecae4

  • SHA256

    11cf7e4634686248d94f71743785791878f2018da0da09f240f9f8a9c766b60d

  • SHA512

    09a14f0ac68867cae57b2457fce3f33e56824a77e82302233b53a4e9336e83a7c50ec9a086b96fe85a06bf0231cd0b25846c843ce9d807f4073b9e5b0e6004c4

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
    suricata
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32ecfe02dff3f6e8ca454c6d1d9b3d07.exe
    "C:\Users\Admin\AppData\Local\Temp\32ecfe02dff3f6e8ca454c6d1d9b3d07.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1632-60-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1632-62-0x0000000075551000-0x0000000075553000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-63-0x00000000044D0000-0x00000000044D1000-memory.dmp
    Filesize

    4KB

    Download