Analysis

  • max time kernel
    147s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29-01-2022 18:42

General

  • Target

    c0e35d03b416060062a28c3c671378fb41f9ba9bb5b2805a9b452f001d07e043.exe

  • Size

    436KB

  • MD5

    43f47d2045ca98265fd4bd4011a04932

  • SHA1

    02090192243dbaa560310f10b27f817206cc02c7

  • SHA256

    c0e35d03b416060062a28c3c671378fb41f9ba9bb5b2805a9b452f001d07e043

  • SHA512

    6563cfe986f05b25fb784ecbd40ad03df1d20fca4591c3ccee7a8687780b28fda942b54f0dd2fca7a59d9417555e1c3c366181b5b501db9067f1a93d4746231c

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0e35d03b416060062a28c3c671378fb41f9ba9bb5b2805a9b452f001d07e043.exe
    "C:\Users\Admin\AppData\Local\Temp\c0e35d03b416060062a28c3c671378fb41f9ba9bb5b2805a9b452f001d07e043.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1532

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1532-55-0x0000000076851000-0x0000000076853000-memory.dmp

    Filesize

    8KB

  • memory/1532-56-0x0000000000910000-0x0000000000911000-memory.dmp

    Filesize

    4KB