Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    14-10-2021 05:18

General

  • Target

    208de5a92642edc4f0bbf3b38af71744.bin.exe

  • Size

    1.5MB

  • MD5

    208de5a92642edc4f0bbf3b38af71744

  • SHA1

    060628b2b0348d6e10ff039b20d8eb38e839b0ab

  • SHA256

    acc75dfbaef0be05c2cbaf346b398b95348dbc065cd2306ba5983129e266e7a0

  • SHA512

    a8b9bfc63b4fc5efb9a8c251de8bd011a073fb786b839baa9b6024ec434a8814f27768813f823e268f0fd3ca0cbe6ab7af3c5420d7aeb04bc7eb5d449040c4d9

Score
10/10

Malware Config

Signatures

  • suricata: ET MALWARE Suspected Powershell Empire GET M1

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\208de5a92642edc4f0bbf3b38af71744.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\208de5a92642edc4f0bbf3b38af71744.bin.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:740

Network

MITRE ATT&CK Matrix

Downloads

  • memory/740-114-0x00000215097E0000-0x00000215097EE000-memory.dmp
    Filesize

    56KB

  • memory/740-115-0x00000215097F0000-0x00000215097FE000-memory.dmp
    Filesize

    56KB