Analysis

  • max time kernel
    152s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29/01/2022, 17:08

General

  • Target

    338920c50a0fbccf537f07c78eaaa0a8665b96131bedc107a74be6124a06d370.exe

  • Size

    89KB

  • MD5

    82377fcf288e9db675ab24cbf76ea032

  • SHA1

    c0ab9e722ebab024697c3ac61b8a3d26c011fb49

  • SHA256

    338920c50a0fbccf537f07c78eaaa0a8665b96131bedc107a74be6124a06d370

  • SHA512

    0f325e93f13c0b2a74c0db3bf0f19606c00ba730d28ff9e9204baf119a6d25fdb3e4a6ee9a5d87e50e3229cd99cde788b5550b8f34a61e160411a6db919fd878

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\338920c50a0fbccf537f07c78eaaa0a8665b96131bedc107a74be6124a06d370.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\338920c50a0fbccf537f07c78eaaa0a8665b96131bedc107a74be6124a06d370.exe"
    PID: 1680 (process tree depth 1)
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1680-54-0x0000000075891000-0x0000000075893000-memory.dmp

    Filesize

    8KB

  • memory/1680-55-0x0000000000550000-0x0000000000551000-memory.dmp

    Filesize

    4KB