Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
14-10-2021 05:18
Static task
static1
Behavioral task
behavioral1
Sample
208de5a92642edc4f0bbf3b38af71744.bin.exe
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
208de5a92642edc4f0bbf3b38af71744.bin.exe
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
-
Target
208de5a92642edc4f0bbf3b38af71744.bin.exe
-
Size
1.5MB
-
MD5
208de5a92642edc4f0bbf3b38af71744
-
SHA1
060628b2b0348d6e10ff039b20d8eb38e839b0ab
-
SHA256
acc75dfbaef0be05c2cbaf346b398b95348dbc065cd2306ba5983129e266e7a0
-
SHA512
a8b9bfc63b4fc5efb9a8c251de8bd011a073fb786b839baa9b6024ec434a8814f27768813f823e268f0fd3ca0cbe6ab7af3c5420d7aeb04bc7eb5d449040c4d9
Score
10/10
Malware Config
Signatures
-
suricata: ET MALWARE Suspected Powershell Empire GET M1
suricata: ET MALWARE Suspected Powershell Empire GET M1
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
208de5a92642edc4f0bbf3b38af71744.bin.exepid process 1652 208de5a92642edc4f0bbf3b38af71744.bin.exe 1652 208de5a92642edc4f0bbf3b38af71744.bin.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
208de5a92642edc4f0bbf3b38af71744.bin.exedescription pid process Token: SeDebugPrivilege 1652 208de5a92642edc4f0bbf3b38af71744.bin.exe Token: SeDebugPrivilege 1652 208de5a92642edc4f0bbf3b38af71744.bin.exe