Overview

overview

8

Static

static

ca984f49a4...07.exe

windows7-x64

8

ca984f49a4...07.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca984f49a4634dce9f1b926714eaf708d93fee3248b573bc6e7451037c1b2507.exe

  • Size

    357KB

  • MD5

    6d88788314eb6dd28d2322db38a7f7a0

  • SHA1

    70760b78f815a6e19a15d0f0722e5e7ad51ea0ca

  • SHA256

    ca984f49a4634dce9f1b926714eaf708d93fee3248b573bc6e7451037c1b2507

  • SHA512

    eb3e16f0493e383c57da0108352adfd657fb50005202d8ed0f65356c5c5e4b296bfc30754f1d1d40537ebc8abc87a49c831fc6993ba36f564aa7be749e5b1cbf

  • SSDEEP

    6144:MUcabT51EXE1Vxo8ISv+CgLNWLEXE1Vxo8ISv:Wanbjxo8ISXgJW7jxo8IS

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca984f49a4634dce9f1b926714eaf708d93fee3248b573bc6e7451037c1b2507.exe
    "C:\Users\Admin\AppData\Local\Temp\ca984f49a4634dce9f1b926714eaf708d93fee3248b573bc6e7451037c1b2507.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:620
  • C:\Windows\SysWOW64\Winkhs.exe
    C:\Windows\SysWOW64\Winkhs.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkhs.exe
    Filesize

    85KB

    MD5

    03be5791090467c5b18cf1d2e5dc2411

    SHA1

    22a49c03dddf84e5f2743ba1aa7d3710f7881d1d

    SHA256

    4b64cb54020c6be1907fb6503c5457b3ac3cb8efb949d3590f44fcd0f9416974

    SHA512

    d3f573e8f9f292a2b0f3c99f1fea1598ff6cee30038c0bb7359b8595a4df5599761d816ca723309a4a6f21af8340740447b4e521751260a0d1d6765ae11cf7fd

    Download Submit

  • C:\Windows\SysWOW64\Winkhs.exe
    Filesize

    85KB

    MD5

    03be5791090467c5b18cf1d2e5dc2411

    SHA1

    22a49c03dddf84e5f2743ba1aa7d3710f7881d1d

    SHA256

    4b64cb54020c6be1907fb6503c5457b3ac3cb8efb949d3590f44fcd0f9416974

    SHA512

    d3f573e8f9f292a2b0f3c99f1fea1598ff6cee30038c0bb7359b8595a4df5599761d816ca723309a4a6f21af8340740447b4e521751260a0d1d6765ae11cf7fd

    Download Submit