Analysis

  • max time kernel
    139s
  • max time network
    155s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29/01/2022, 14:14

General

  • Target

    43e973e87611c27c40b131a880a1718ce9c689dabc82c102aa918e1b920eea89.exe

  • Size

    102KB

  • MD5

    2abf53905c6b0c8f8728a343089723d8

  • SHA1

    f83048f505a2dc298a130d8e4af66fc3eb44863f

  • SHA256

    43e973e87611c27c40b131a880a1718ce9c689dabc82c102aa918e1b920eea89

  • SHA512

    5a0e5f2e443e1a127690b1013c419dd91177e556a134ca9daaae0cc63f65f458b3c9fe82cf73263ad83c1cc4e041cd03f7c0a6b07ea984cb1b1b8d3d68d43c67

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43e973e87611c27c40b131a880a1718ce9c689dabc82c102aa918e1b920eea89.exe
    "C:\Users\Admin\AppData\Local\Temp\43e973e87611c27c40b131a880a1718ce9c689dabc82c102aa918e1b920eea89.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3204

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/3204-118-0x00000000024E0000-0x00000000024E1000-memory.dmp
    Filesize: 4KB