Analysis

  • max time kernel
    150s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29-01-2022 14:25

General

  • Target

    0638cdef52fd46ad9f6d9064be686e6aecf48b0ea26db6eb28c2954a510479c7.exe

  • Size

    96KB

  • MD5

    f078b5aeaf73831361ecd96a069c9f50

  • SHA1

    18607b8eae4c762e30f743ffef000c717077ea5c

  • SHA256

    0638cdef52fd46ad9f6d9064be686e6aecf48b0ea26db6eb28c2954a510479c7

  • SHA512

    863cf0d7ab2420b88c31b4162a9b4605fdafb1fe3dd84df981c4e6dc80148e0aa915a6648900d88461f0c268d21b37d9aa67dfcd5f4e66e30c9b15e74af73355

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0638cdef52fd46ad9f6d9064be686e6aecf48b0ea26db6eb28c2954a510479c7.exe
    "C:\Users\Admin\AppData\Local\Temp\0638cdef52fd46ad9f6d9064be686e6aecf48b0ea26db6eb28c2954a510479c7.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1576

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1576-54-0x0000000075601000-0x0000000075603000-memory.dmp

    Filesize

    8KB

  • memory/1576-55-0x0000000002020000-0x0000000002021000-memory.dmp

    Filesize

    4KB