Analysis

  • max time kernel
    4264997s
  • max time network
    58s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    14-01-2022 14:28

General

  • Target

    7ebf41b7e0d24473f2ad0b25e354f615.exe

  • Size

    1.0MB

  • MD5

    7ebf41b7e0d24473f2ad0b25e354f615

  • SHA1

    6e9c110ed531f7239ff849a6b7c998d1c958f2d8

  • SHA256

    15cea3c23e9d0f1ec3a748746bd425d642ae25b042b1b36c8364f721235f0f0d

  • SHA512

    83dc1c23462f6f647d049214d9dba23874f3a1ba75815476107a0ffba769521d085a0e831132c09e02fe596290d1ec2ba954d26ec4d51cf7ee8636c2c5d2a24d

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ebf41b7e0d24473f2ad0b25e354f615.exe
    "C:\Users\Admin\AppData\Local\Temp\7ebf41b7e0d24473f2ad0b25e354f615.exe"
    1⤵
      PID:1908
    • C:\Windows\system32\MusNotification.exe
      C:\Windows\system32\MusNotification.exe
      1⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:1440

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Discovery

    Query Registry                  1    T1012
    System Information Discovery    1    T1082
