Overview

overview

6

Static

static

2e8a7fe250...4f.exe

windows7_x64

6

2e8a7fe250...4f.exe

windows10-2004_x64

6

Analysis

  • max time kernel
    136s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    22-06-2022 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e8a7fe250d97d0157a4ae4c4a675ccf5693db2d5cf2f0409c72e8df835bf94f.exe

  • Size

    404KB

  • MD5

    527b7f44376120b799c6a45a20b236a7

  • SHA1

    11b74d8147b67d05192aa44bde711f5ce355f638

  • SHA256

    2e8a7fe250d97d0157a4ae4c4a675ccf5693db2d5cf2f0409c72e8df835bf94f

  • SHA512

    1b19afa52faa7eb393d66fd2b6ebe7f0f2430aa41cfb68266f163d2953b7bbb0bfa2e9e4f95772638f012ca11aeee1f299ff152ec4674944909daad75c7f33c7

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e8a7fe250d97d0157a4ae4c4a675ccf5693db2d5cf2f0409c72e8df835bf94f.exe
    "C:\Users\Admin\AppData\Local\Temp\2e8a7fe250d97d0157a4ae4c4a675ccf5693db2d5cf2f0409c72e8df835bf94f.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1932-54-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/1932-56-0x00000000757C1000-0x00000000757C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1932-57-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1932-58-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download