Overview

overview

8

Static

static

18dcaead28...12.exe

windows7-x64

8

18dcaead28...12.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 00:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18dcaead28247cd23490af8bdef9c48945de43db2b1cbda92ed069d074ce5612.exe

  • Size

    184KB

  • MD5

    9255d99c1c4eb4b7b4aabdb4aae1dec6

  • SHA1

    8c55e6b16241b7022e8f9dce03482c0c87e9aaf0

  • SHA256

    18dcaead28247cd23490af8bdef9c48945de43db2b1cbda92ed069d074ce5612

  • SHA512

    8ba91ec692efa2050f376eeec65f38f68e649100001311873f6426908f9892dd1231f98273827f4c677317b12afd3c7f4bd07419ef1b0d2f713ec1011f49c07c

  • SSDEEP

    3072:++V2Uz616rBNEbGdtV8P7xWmbsSw1UKqjlU3YZhIrcNCcN5Q4jkXqSbo4nvSMgHt:B2Uz7MEExf+IZ2qLGqSbokvSMgbD0Re

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18dcaead28247cd23490af8bdef9c48945de43db2b1cbda92ed069d074ce5612.exe
    "C:\Users\Admin\AppData\Local\Temp\18dcaead28247cd23490af8bdef9c48945de43db2b1cbda92ed069d074ce5612.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4772-132-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4772-133-0x0000000000590000-0x00000000005CF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4772-134-0x0000000000590000-0x00000000005CF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4772-135-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4772-136-0x0000000000590000-0x00000000005CF000-memory.dmp

    Filesize

    252KB

    Download