Analysis
-
max time kernel
47s -
max time network
52s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
02/10/2022, 10:10
Errors
Reason
Machine shutdown
General
-
Target
36e8f25b777f815132291890af012e49b819c6126b748f6a56b11a78ff3c89fe.exe
-
Size
100KB
-
MD5
57dc3bbb9f9affad307f88b5ef1e2973
-
SHA1
e3ec5fa6f95f755053ad784339ac915e1cdda916
-
SHA256
36e8f25b777f815132291890af012e49b819c6126b748f6a56b11a78ff3c89fe
-
SHA512
364a8b9a88514b46e7efb482859f20c03fc8a862be92642b9557c156201f171fa7840aea036af96e6ab0b5f8f4b1162e91f4c7667769c23425350643f5d7f6e1
-
SSDEEP
1536:aEFPLbPmmMwZA4oFreO4GLjRQFi9wLdy7uZXMKLDXLHosSSSeSSS+y:aGfyVbjRQwq46XbrLHoI
Score
8/10
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\36e8f25b777f815132291890af012e49b819c6126b748f6a56b11a78ff3c89fe.exe"C:\Users\Admin\AppData\Local\Temp\36e8f25b777f815132291890af012e49b819c6126b748f6a56b11a78ff3c89fe.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
104KB
-
Filesize
104KB
-
Filesize
8KB