Analysis

  • max time kernel
    11s
  • max time network
    41s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05-02-2022 15:02

General

  • Target
    620afd275ca028cab2bd314d4caa6d2741d6aa601882b2d6559ff2f5c8da69d1.exe
  • Size
    2.3MB
  • MD5
    414e1018d33bfe42622adba6982926af
  • SHA1
    774d2084cad809204518e242231d5cc7a12005d8
  • SHA256
    620afd275ca028cab2bd314d4caa6d2741d6aa601882b2d6559ff2f5c8da69d1
  • SHA512
    a91b51eebe7439bdf735131abdb32c51f6cacbc53ba37bba29f35ae81ffb859a70e75e4d6411070129452b531a9bf238b17771ec90485e9c758a6c87b241221b

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\620afd275ca028cab2bd314d4caa6d2741d6aa601882b2d6559ff2f5c8da69d1.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\620afd275ca028cab2bd314d4caa6d2741d6aa601882b2d6559ff2f5c8da69d1.exe"
    PID: 1292
    • C:\Windows\system32\svchost.exe
      Command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      PID: 1048
      Signatures: Drops file in Windows directory; Suspicious use of AdjustPrivilegeToken


Downloads

  • memory/1048-136-0x0000028A772E0000-0x0000028A772F0000-memory.dmp
    Filesize: 64KB
  • memory/1048-137-0x0000028A797B0000-0x0000028A797B4000-memory.dmp
    Filesize: 16KB