Overview

overview

10

Static

static

10

ihtaovminu10.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    128s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-09-2022 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ihtaovminu10.exe

  • Size

    8.7MB

  • MD5

    c73a182084608ab35dde1b979947369e

  • SHA1

    b0ac46f424b9a9d194ab3988b0a3216beed1365e

  • SHA256

    e64d70f67e33d8620e5145bc03abba656a81b1534d1e302d911e800028a7b218

  • SHA512

    ee4afd389426dceba898e98e1a0c0a047ee8bdacb9ff67e2a1cf9df803866150a3a03b8623212a36551d4ddcbcf3fa2f2757d46280ac2f37123b5a6581abdf01

  • SSDEEP

    3072:+vZynS9k4W96euI0ZEr7nAsxfw52QBgDg2FMR0:+vZynS9kf96waEr7nvFQUeR0

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ihtaovminu10.exe
    "C:\Users\Admin\AppData\Local\Temp\ihtaovminu10.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3028-132-0x000001A395960000-0x000001A39621C000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/3028-133-0x00007FFC52A60000-0x00007FFC53521000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3028-134-0x00007FFC52A60000-0x00007FFC53521000-memory.dmp

    Filesize

    10.8MB

    Download