Analysis

  • max time kernel
    137s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29/01/2022, 20:07

General

  • Target

    191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714.exe

  • Size

    106KB

  • MD5

    6746c430f978d0bc9bbecff87c651fa2

  • SHA1

    0edc71cc01ec8d16aeddf0c807bb696966c83266

  • SHA256

    191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714

  • SHA512

    4f459b790e6b58eaf1a9550c95f87cb4f73a1c0e32dc6ce61ed5686c706f602b024d1e414bdbd4724d46e17e82da110f55ca5cbc8e2fdc33138e161e1ef40ec6

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714.exe
    "C:\Users\Admin\AppData\Local\Temp\191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1592
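
The "Adds Run key to start application" signature above means the sample wrote a value under one of the Windows autostart keys so that it is re-launched at logon. The following PowerShell triage check is an added example for this page, not output of the sandbox or code from the sample: it enumerates the usual Run/RunOnce keys, extracts the image path of each value, flags entries that point into user-writable locations such as the AppData\Local\Temp directory the sample ran from, and hashes the image so it can be compared with the SHA256 in the report. The list of suspicious roots is an assumption to tune per environment; Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example (not part of the sandbox report): enumerate Run/RunOnce
# autostart keys and flag entries that launch from user-writable paths.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: locations a legitimate installer rarely uses for autostart
# binaries but droppers commonly do. Adjust for your environment.
$suspiciousRoots = @("$env:LOCALAPPDATA\Temp", "$env:TEMP", "$env:APPDATA", "$env:PUBLIC")

# Provider-added properties that are not registry values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }
            $cmd = [string]$p.Value

            # Take the quoted image path if present, otherwise the first token.
            $image = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }

            $flag = $false
            foreach ($root in $suspiciousRoots) {
                if ($image -like "$root\*") { $flag = $true; break }
            }

            $exists = Test-Path -LiteralPath $image
            $sha256 = if ($exists) { (Get-FileHash -LiteralPath $image -Algorithm SHA256).Hash } else { $null }

            [pscustomobject]@{
                Key        = $key
                ValueName  = $p.Name
                Command    = $cmd
                ImagePath  = $image
                Exists     = $exists
                SHA256     = $sha256
                Suspicious = $flag
            }
        }
    }
}

# Suspicious entries first; compare SHA256 against the report's value
# 191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714.
Get-RunKeyEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in an elevated session so the HKLM keys are readable; an entry whose image no longer exists on disk (Exists = False) is still worth recording, since a removed dropper can leave its autostart value behind.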

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1592-54-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB

  • memory/1592-55-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB