Overview

overview

10

Static

static

10

b588823eb5...42.exe

windows7_x64

1

b588823eb5...42.exe

windows10-2004_x64

4

Analysis

  • max time kernel
    186s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    09-02-2022 00:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b588823eb5c65f36d067d496881d9c704d3ba57100c273656a56a43215f35442.exe

  • Size

    2.6MB

  • MD5

    d7a7fd3a7e3501114fd0049457f5ce09

  • SHA1

    3e794a584d75c2ceb07287fe450dcdc4d7ce949a

  • SHA256

    b588823eb5c65f36d067d496881d9c704d3ba57100c273656a56a43215f35442

  • SHA512

    404c7ac446b4f08253fed5e563b8a7921afd09076d185d0eddd357cb9547da3bb1492e539197948c493390f169db7fcef42be488ab782272f020a476f55b2b73

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b588823eb5c65f36d067d496881d9c704d3ba57100c273656a56a43215f35442.exe
    "C:\Users\Admin\AppData\Local\Temp\b588823eb5c65f36d067d496881d9c704d3ba57100c273656a56a43215f35442.exe"
    1⤵
      PID:556
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:972
    • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
      C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1604

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/556-130-0x0000000000697000-0x000000000072A000-memory.dmp

      Filesize

      588KB

      Download

    • memory/556-131-0x0000000000401000-0x000000000040D000-memory.dmp

      Filesize

      48KB

      Download

    • memory/972-132-0x00000201B7180000-0x00000201B7190000-memory.dmp

      Filesize

      64KB

      Download

    • memory/972-133-0x00000201B7960000-0x00000201B7970000-memory.dmp

      Filesize

      64KB

      Download

    • memory/972-134-0x00000201BA560000-0x00000201BA564000-memory.dmp

      Filesize

      16KB

      Download