Resubmissions

22-02-2022 13:18

220222-qj1ftshcc3 10

06-07-2020 07:26

200706-y19694vzp2 1

Analysis

  • max time kernel
    248s
  • max time network
    232s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    22-02-2022 13:18

General

  • Target

    6feeea94219e2b7ffd3837d784201bf28ffd7bc83706401bf656550485d899cc.exe

  • Size

    77KB

  • MD5

    a9fa03b0ee47e03796efe60d4186c484

  • SHA1

    52e788cac7568f07868f2a63e856baa19b5671c0

  • SHA256

    6feeea94219e2b7ffd3837d784201bf28ffd7bc83706401bf656550485d899cc

  • SHA512

    8e149c5568a22a2e18b37d7895465430bdf0af532fdba80a704c0f8eb52645162d880bf9322e8af0c9002e892f3b93e96c0ef103ce5044c449756c5d4834064d

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6feeea94219e2b7ffd3837d784201bf28ffd7bc83706401bf656550485d899cc.exe
    "C:\Users\Admin\AppData\Local\Temp\6feeea94219e2b7ffd3837d784201bf28ffd7bc83706401bf656550485d899cc.exe"
    1⤵
    PID:1240
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4792

Network

MITRE ATT&CK Matrix


Downloads

  • memory/4792-131-0x0000023C5C820000-0x0000023C5C830000-memory.dmp
    Filesize: 64KB

  • memory/4792-130-0x0000023C5C190000-0x0000023C5C1A0000-memory.dmp
    Filesize: 64KB

  • memory/4792-132-0x0000023C5EF10000-0x0000023C5EF14000-memory.dmp
    Filesize: 16KB