8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb

Resubmissions

21-10-2021 06:31

211021-g96k4ahhg8 6

21-10-2021 06:26

211021-g7pjssagfk 6

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-en-20210920
submitted
21-10-2021 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
Size

684KB
MD5

2740f0b868f836a478de72a5b3f3a270
SHA1

4c4f2bbe3f49b17b04440c60f31293cb1431a867
SHA256

8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb
SHA512

4a2f565d6ed9f814224f91171e211fb7b45de80de0e8487ec11ce7c1f1195109239fa6a7892288c4a176b7b217a673f94f0bd5ddcfcb7a0c85e9cbcbc94bb878

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe

pid	process
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
1544	8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe

C:\Users\Admin\AppData\Local\Temp\8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe
"C:\Users\Admin\AppData\Local\Temp\8f21ac40c116f25276c5c52a64ef883bd80d28a5d09f589cbc7180ac4b009abb.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:1544

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1544-53-0x0000000074B91000-0x0000000074B93000-memory.dmp

Filesize
8KB

Download