Analysis

  • max time kernel
    143s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29/01/2022, 17:33

General

  • Target

    140ba40d2a33c67b38a909ca076a0989632fbefc17da9574e727925f066d8e91.exe

  • Size

    82KB

  • MD5

    71b4bbddf46e1990210742a406c490bf

  • SHA1

    424234ca7a12d3b833cb372fa6bd4f1ee0697d54

  • SHA256

    140ba40d2a33c67b38a909ca076a0989632fbefc17da9574e727925f066d8e91

  • SHA512

    934d5fc98a1754ac854eed1205f523c756b6d3074dca9cb9d23ba06922b4dd4cc0413961820d1c39ef171785568f7d8ec8b79f16ce43c02ddfc5062d897c4a44

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\140ba40d2a33c67b38a909ca076a0989632fbefc17da9574e727925f066d8e91.exe
    "C:\Users\Admin\AppData\Local\Temp\140ba40d2a33c67b38a909ca076a0989632fbefc17da9574e727925f066d8e91.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1592

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1592-54-0x0000000076421000-0x0000000076423000-memory.dmp

    Filesize

    8KB

  • memory/1592-55-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

    Filesize

    4KB