Analysis

  • max time kernel
    152s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05/02/2022, 15:34

General

  • Target

    55c9174f8e46852cecde40c6816bdb6758b033113a6383dc1bcebdf77fd63be4.exe

  • Size

    222KB

  • MD5

    00bfe3c9df49cc312e8f831c2fb122b4

  • SHA1

    f4523061afa1b2e538b869a93a6f39e712685e66

  • SHA256

    55c9174f8e46852cecde40c6816bdb6758b033113a6383dc1bcebdf77fd63be4

  • SHA512

    f78de5528e6c59d6b463a7cc341b07d3104da5c9020b53872665e15fe85a387f4e7a029492ec0cc76e0923e89952e5feafea2460043bad84763f14da2237974d

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)

  Note: both signatures are attached to the svchost.exe entry (PID 4184, "-k netsvcs -p -s wuauserv", the Windows Update service host), not to the submitted sample's own process (PID 4396), and both memory dumps listed under Downloads were taken from PID 4184 as well. The 4/10 score therefore rests on activity of a system service process; the sample's own behaviour still has to be examined before drawing a conclusion.

Processes

  • C:\Users\Admin\AppData\Local\Temp\55c9174f8e46852cecde40c6816bdb6758b033113a6383dc1bcebdf77fd63be4.exe
    "C:\Users\Admin\AppData\Local\Temp\55c9174f8e46852cecde40c6816bdb6758b033113a6383dc1bcebdf77fd63be4.exe"
    1⤵
      PID:4396
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4184

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4184-130-0x0000020623FA0000-0x0000020623FB0000-memory.dmp
    Filesize: 64KB
  • memory/4184-137-0x0000020626C20000-0x0000020626C24000-memory.dmp
    Filesize: 16KB
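Added example (not part of the sandbox report or of the sandbox vendor's tooling): a small Python check an analyst can run over the Downloads and Processes sections above to attribute each memory dump to a process and to confirm that the address range encoded in the dump name matches the reported file size. It assumes the dump-name layout memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp, inferred from the two names on this page; the PID-to-command-line table and the download list are copied from this report as constructed input.

```python
import re
from dataclasses import dataclass

# Layout of the dump names in the Downloads list, inferred from the two names on
# this page (assumption): memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

SIZE_RE = re.compile(r"^(\d+)\s*(B|KB|MB|GB)$", re.IGNORECASE)
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Constructed input: the Processes and Downloads sections of this report, copied as data.
SAMPLE_PID = 4396
PROCESSES = {
    4396: r'"C:\Users\Admin\AppData\Local\Temp\55c9174f8e46852cecde40c6816bdb6758b033113a6383dc1bcebdf77fd63be4.exe"',
    4184: r"C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",
}
DOWNLOADS = {
    "memory/4184-130-0x0000020623FA0000-0x0000020623FB0000-memory.dmp": "64KB",
    "memory/4184-137-0x0000020626C20000-0x0000020626C24000-memory.dmp": "16KB",
}


@dataclass(frozen=True)
class Dump:
    name: str
    pid: int
    seq: int
    start: int
    end: int

    @property
    def region_bytes(self) -> int:
        # Size of the dumped region as encoded in the file name.
        return self.end - self.start


def parse_dump_name(name: str) -> Dump:
    """Split a dump file name into PID, sequence number and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return Dump(name, int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))


def parse_size(text: str) -> int:
    """Convert a reported size such as '64KB' to bytes (binary units)."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]


def image_name(cmdline: str) -> str:
    """Return the lower-cased image file name from a command line, quoted or not."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        path = cmdline[1:cmdline.index('"', 1)]
    else:
        path = cmdline.split(None, 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def check_dump(name: str, reported: str, processes: dict) -> dict:
    """Attribute one dump to a process and compare region size with the reported file size."""
    d = parse_dump_name(name)
    reported_bytes = parse_size(reported)
    cmdline = processes.get(d.pid)
    return {
        "pid": d.pid,
        "image": image_name(cmdline) if cmdline else None,
        "region_bytes": d.region_bytes,
        "reported_bytes": reported_bytes,
        "size_matches": d.region_bytes == reported_bytes,
    }


def audit(downloads: dict, processes: dict) -> dict:
    """Run check_dump over every entry of the Downloads list."""
    return {name: check_dump(name, size, processes) for name, size in downloads.items()}


def dumps_of_sample(downloads: dict, sample_pid: int) -> list:
    """Names of dumps taken from the submitted sample's own process (empty here)."""
    return [n for n in downloads if parse_dump_name(n).pid == sample_pid]


if __name__ == "__main__":
    for name, result in audit(DOWNLOADS, PROCESSES).items():
        print(name, result)
    print("dumps of the sample itself:", dumps_of_sample(DOWNLOADS, SAMPLE_PID))
```

For this report both regions check out (0x10000 bytes for the 64KB dump, 0x4000 bytes for the 16KB dump) and both belong to svchost.exe, so there is no dump of the sample's own process to triage; a mismatch between region size and file size, or a dump attributed to a PID absent from the process list, would be the cue to pull the raw artefacts and look closer.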