Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29-01-2022 18:50

General

  • Target

    a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f.exe

  • Size

    59KB

  • MD5

    3ff165ee68d1bc03ae7d4d3baf99b963

  • SHA1

    4ff623b234d7c72d3a8e12cdf90561bdd65be711

  • SHA256

    a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f

  • SHA512

    9a24e152b5ca8fff5e5a814f5d2aff8a43525451784a439872d2492ef4032cc27e0759befd3dee6ade5f44c2b85ca331c7044cc0d9a991dedbe87f84b596a7a5

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f.exe
    "C:\Users\Admin\AppData\Local\Temp\a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f.exe"
    1
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1364

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1364-54-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

    Filesize

    4KB

  • memory/1364-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

    Filesize

    8KB