Analysis

  • max time kernel
    14s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05-02-2022 10:14

General

  • Target

    c773993caab5bfa7f121ca1e79713083d5a2d386aebb803f52971e0cc1320599.exe

  • Size

    1.9MB

  • MD5

    f04effdc5bee0d724fb05018f49fc55d

  • SHA1

    e5f05ffc4253b6c4e0e33a01672d55d195d49776

  • SHA256

    c773993caab5bfa7f121ca1e79713083d5a2d386aebb803f52971e0cc1320599

  • SHA512

    0de6e13514c1a40f53d154cb617ceeab9712cb80533af18c06bd470b3a5c1d00e0cb120b45e84ccc8bc0d1881f336fea143f2e438199e2d3e41bb1f9b3df7830

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c773993caab5bfa7f121ca1e79713083d5a2d386aebb803f52971e0cc1320599.exe
    "C:\Users\Admin\AppData\Local\Temp\c773993caab5bfa7f121ca1e79713083d5a2d386aebb803f52971e0cc1320599.exe"
    1⤵
      PID:4468
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:524

Network

MITRE ATT&CK Matrix

Downloads

  • memory/524-130-0x0000012E16130000-0x0000012E16140000-memory.dmp
    Filesize
    64KB

  • memory/524-131-0x0000012E16190000-0x0000012E161A0000-memory.dmp
    Filesize
    64KB

  • memory/524-132-0x0000012E18E90000-0x0000012E18E94000-memory.dmp
    Filesize
    16KB