Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
11-07-2022 11:31
General
-
Target
4393b05a23f05af255589f1c32935811d2e6a8f112e54c956b8c52051e0a4669-unpack.exe
-
Size
934KB
-
MD5
9fb987b3f3c05b245fe4d9b867296f3f
-
SHA1
85f479e1198ca53cb34a246ebe0f5843d94c36f2
-
SHA256
06429eae76265388efa2e75096af8ed944a094ff8edcdcbed231a3a12cb5f7ee
-
SHA512
73da4822024fb48d2161328f4e0dbf839d94be37b778a26f32f44dc1318cb4afb27b58e5063d9d51714bcf5f3aae92361567be4eed43aee54fd5ed9697632bea
Score
10/10
Malware Config
Signatures
-
suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
-
Unexpected DNS network traffic destination 13 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4393b05a23f05af255589f1c32935811d2e6a8f112e54c956b8c52051e0a4669-unpack.exe"C:\Users\Admin\AppData\Local\Temp\4393b05a23f05af255589f1c32935811d2e6a8f112e54c956b8c52051e0a4669-unpack.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1516-54-0x00000000755A1000-0x00000000755A3000-memory.dmpFilesize
8KB
-
memory/1516-55-0x0000000002D00000-0x0000000003D00000-memory.dmpFilesize
16.0MB
-
memory/1516-56-0x0000000002D00000-0x0000000003D00000-memory.dmpFilesize
16.0MB