Overview

overview

10

Static

static

10

2d123daaed...92.exe

windows7_x64

1

2d123daaed...92.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    25-05-2022 01:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d123daaed835ad3ccfe84a2fd14840a8f3665ab62108aa9c21f4f9e9e6b2d92.exe

  • Size

    378KB

  • MD5

    8c5624b50939d46b9eee1627269ca01d

  • SHA1

    4ad3050c7650409d814e9c249891f7d7e8cf7b63

  • SHA256

    2d123daaed835ad3ccfe84a2fd14840a8f3665ab62108aa9c21f4f9e9e6b2d92

  • SHA512

    199679b106053ef75f38715ad21ab2e6c144ab3c9a57c04761c107ca640ae466bd9d6d6cdd019750d4fe4aeb18b212beab8815044e6e1abe6ca6df436e18a46f

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d123daaed835ad3ccfe84a2fd14840a8f3665ab62108aa9c21f4f9e9e6b2d92.exe
    "C:\Users\Admin\AppData\Local\Temp\2d123daaed835ad3ccfe84a2fd14840a8f3665ab62108aa9c21f4f9e9e6b2d92.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1176

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1176-130-0x00007FF9698E0000-0x00007FF96A316000-memory.dmp
    Filesize

    10.2MB

    Download