Analysis
-
max time kernel
121s -
max time network
140s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
12-11-2021 18:03
General
-
Target
4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe
-
Size
133KB
-
MD5
4b535dbe595f89c3bcaa4f43cc1323a3
-
SHA1
4162c873be81f5aac6ca0a1ed7f84bfe86ec4262
-
SHA256
e98ca956f4f94b5c8b063327a1fe27fb804bc2e52190a68c577490c3192ae663
-
SHA512
1959b757094e83d24041f3c8e1f993e0df428d87f54a3e8e8dfb0b76922a39027cfc1f1203a91c4c36836c81de94cb870aea33ae8ae4bf8864e93374934ea66d
Score
10/10
Malware Config
Signatures
-
suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe"C:\Users\Admin\AppData\Local\Temp\4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1712-55-0x0000000000020000-0x0000000000021000-memory.dmpFilesize
4KB
-
memory/1712-56-0x0000000074F21000-0x0000000074F23000-memory.dmpFilesize
8KB