Analysis

  • max time kernel
    152s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    01-02-2022 10:06

General

  • Target

    73b80a595e7fb7519a1ac95eda6e7d58f43a6650c339723af3292cee08de3b91.exe

  • Size

    60KB

  • MD5

    91ef554f3382277c011e24ba6c34f1b5

  • SHA1

    e385ba819c924a91d1e61eabda666e67c600db18

  • SHA256

    73b80a595e7fb7519a1ac95eda6e7d58f43a6650c339723af3292cee08de3b91

  • SHA512

    496d32ea6bb3694e5f4e01e7b175e54f397aa360795c77d33a2a56f74a2bbfcf9049131b0fa46ad3168e893eac7eabf80530ae70bce38986d0dbdd6a48f2c3be
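Before acting on this report, confirm that the file in hand is the sample it describes. The following is an added example, not part of the sandbox report: it recomputes the four digests above for a file and lists any that disagree with the report. The `size_kb` tolerance of one kilobyte is an assumption, because the report only shows a rounded "60KB".

```python
import hashlib

# Values copied from the report's "General" section (not computed here).
REPORTED = {
    "size_kb": 60,  # rounded in the report, so only checked approximately
    "md5": "91ef554f3382277c011e24ba6c34f1b5",
    "sha1": "e385ba819c924a91d1e61eabda666e67c600db18",
    "sha256": "73b80a595e7fb7519a1ac95eda6e7d58f43a6650c339723af3292cee08de3b91",
    "sha512": "496d32ea6bb3694e5f4e01e7b175e54f397aa360795c77d33a2a56f74a2bbfcf"
              "9049131b0fa46ad3168e893eac7eabf80530ae70bce38986d0dbdd6a48f2c3be",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_all(data: bytes) -> dict:
    """Hex digests of the sample bytes for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def check_sample(data: bytes, reported: dict = REPORTED) -> list:
    """Return a list of mismatch descriptions; an empty list means the bytes
    match every value in `reported`. Digests are compared case-insensitively;
    size is compared with a 1 KB tolerance (assumption: the report rounds)."""
    actual = digest_all(data)
    mismatches = []
    for name, expected in reported.items():
        if name == "size_kb":
            if abs(len(data) - expected * 1024) > 1024:
                mismatches.append(
                    f"size: report ~{expected}KB, actual {len(data)} bytes")
            continue
        got = actual.get(name)
        if got != str(expected).lower():
            mismatches.append(f"{name}: report {expected}, actual {got}")
    return mismatches


def check_file(path: str, reported: dict = REPORTED) -> list:
    """Convenience wrapper: read a file from disk and check it against the report."""
    with open(path, "rb") as fh:
        return check_sample(fh.read(), reported)


if __name__ == "__main__":
    import sys
    problems = check_file(sys.argv[1]) if len(sys.argv) > 1 else ["no path given"]
    print("MATCH: file is the reported sample" if not problems else "\n".join(problems))
```

Run it as `python check.py 73b80a59...exe`; any line of output other than the match message means the file on disk is not the one the sandbox executed, and the behaviour below should not be attributed to it.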

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs
  • Drops file in Windows directory 6 IoCs
  • Modifies data under HKEY_USERS 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73b80a595e7fb7519a1ac95eda6e7d58f43a6650c339723af3292cee08de3b91.exe
    "C:\Users\Admin\AppData\Local\Temp\73b80a595e7fb7519a1ac95eda6e7d58f43a6650c339723af3292cee08de3b91.exe"
    1⤵
      PID:4980
    • C:\Windows\System32\WaaSMedicAgent.exe
      C:\Windows\System32\WaaSMedicAgent.exe 4c2716f4bb6783da4678c6de0058ec87 oKiVtAUHI0eiN+pErxxmDg.0.1.0.0.0
      1⤵
      • Modifies data under HKEY_USERS
      PID:4272
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1268

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1268-142-0x00000226DB990000-0x00000226DB994000-memory.dmp

    Filesize

    16KB
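The dump file name encodes which process the region came from and where it sat in that process's address space, so it can be cross-checked against the "Processes" list and the reported file size. The following is an added example, not part of the sandbox report. It assumes the naming scheme `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp`, inferred from the single file name shown above; the process table is copied from the report.

```python
import re

# Naming scheme assumed from the one dump name in the report.
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# PID -> command line, as listed under "Processes" in the report.
PROCESSES = {
    4980: r'"C:\Users\Admin\AppData\Local\Temp\73b80a595e7fb7519a1ac95eda6e7d58f43a6650c339723af3292cee08de3b91.exe"',
    4272: r"C:\Windows\System32\WaaSMedicAgent.exe 4c2716f4bb6783da4678c6de0058ec87 oKiVtAUHI0eiN+pErxxmDg.0.1.0.0.0",
    1268: r"C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",
}

PAGE = 0x1000  # x64 Windows page size


def parse_dump_name(name: str) -> dict:
    """Split a dump file name into PID, sequence number, region bounds and size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"region end is not after start: {name!r}")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": end - start,
        "page_aligned": start % PAGE == 0 and end % PAGE == 0,
    }


def describe_dump(name: str, reported_size_kb: int, processes: dict = PROCESSES) -> dict:
    """Attach the owning process and a size cross-check to a parsed dump name."""
    info = parse_dump_name(name)
    info["size_matches_report"] = info["size"] == reported_size_kb * 1024
    info["process"] = processes.get(info["pid"], "<PID not in process list>")
    info["is_sample"] = "73b80a595e7fb7519a1ac95eda6e7d58f43a6650c339723af3292cee08de3b91" in info["process"]
    return info


if __name__ == "__main__":
    d = describe_dump("memory/1268-142-0x00000226DB990000-0x00000226DB994000-memory.dmp", 16)
    print(f"PID {d['pid']} ({d['process']})")
    print(f"region 0x{d['start']:x}-0x{d['end']:x}, {d['size']} bytes, "
          f"size matches report: {d['size_matches_report']}, from sample: {d['is_sample']}")
```

For the dump above this resolves PID 1268 to the `svchost.exe -k netsvcs -p -s wuauserv` process rather than to the sample itself (PID 4980), and the 0x4000-byte region agrees with the 16KB the report states.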