e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d | Triage

Analysis

max time kernel
146s
max time network
172s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 22:17

Sharing

Report Analysis Logs

General

Target

e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe
Size

365KB
MD5

def2219991114fbac93aca787579946c
SHA1

e2c877782f16b786db3d569895a23fe9920e2ad4
SHA256

e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d
SHA512

1f5252c63ed6959b96fcc10863dee2f39ef949f2d18905f821fb429d5e471345b7564bd0bccdee22eeefdcced3a883bd0b5bc9e29bbabb2442a17ebdd4793109

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
suricata

Unexpected DNS network traffic destination 9 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	1.2.4.8
Destination IP	185.243.215.214
Destination IP	1.2.4.8
Destination IP	114.114.114.114
Destination IP	185.243.215.214
Destination IP	114.114.114.114
Destination IP	185.243.215.214
Destination IP	185.243.215.214
Destination IP	185.243.215.214

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe

description pid process

Token: SeShutdownPrivilege 1752 e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe

C:\Users\Admin\AppData\Local\Temp\e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe
"C:\Users\Admin\AppData\Local\Temp\e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-54-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download
memory/1752-55-0x0000000002CD0000-0x0000000003CD0000-memory.dmp

Filesize
16.0MB

Download