Overview

overview

8

Static

static

de36b591d8...d9.exe

windows7-x64

8

de36b591d8...d9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    93s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2022 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de36b591d8b75857cae047d16b3d9ddd48b5d6d54328ccf5cafaa8a7ed60e1d9.exe

  • Size

    90KB

  • MD5

    67b3a458e5768f93dddabcb2ae1db040

  • SHA1

    3f43fe1bc3daafd7478828fd46f02f1caaa56f8a

  • SHA256

    de36b591d8b75857cae047d16b3d9ddd48b5d6d54328ccf5cafaa8a7ed60e1d9

  • SHA512

    3a958c738db1f03de270c8f1212b76e529c7b3416fe6969114181a63d0031932c1afc4b3f2a6540fba1020f8a7ae153493c14b46c37d025f669992b201a327c6

  • SSDEEP

    768:WeWGCQxs9kGd96NDkSV2bIXzl4CnTDHGsDf8RUFqoD4bDIsFDBnoiQ8hWCp6D53d:1WGxs9kGdYk8wO4Cnt8RUyhoiQ89C5vP

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de36b591d8b75857cae047d16b3d9ddd48b5d6d54328ccf5cafaa8a7ed60e1d9.exe
    "C:\Users\Admin\AppData\Local\Temp\de36b591d8b75857cae047d16b3d9ddd48b5d6d54328ccf5cafaa8a7ed60e1d9.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3392
  • C:\Windows\SysWOW64\Winkvcq.exe
    C:\Windows\SysWOW64\Winkvcq.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkvcq.exe
    Filesize

    94KB

    MD5

    b1687406023390a55034483144241c9b

    SHA1

    47b96941c0939c40844f2ca320c5110abb128333

    SHA256

    0b7d0486903a4a7bff3163df09091c42437ee152e3d968f933dbb7b6e22019ce

    SHA512

    79f4c6fe4b8c618102666e4dee08da2df899b0813e76bbeb3cc5242a292e286e8f9c6aafed63d39d5b5257b597c1d2e69b5d288975f2207c7b77e413ac846563

    Download Submit

  • C:\Windows\SysWOW64\Winkvcq.exe
    Filesize

    94KB

    MD5

    b1687406023390a55034483144241c9b

    SHA1

    47b96941c0939c40844f2ca320c5110abb128333

    SHA256

    0b7d0486903a4a7bff3163df09091c42437ee152e3d968f933dbb7b6e22019ce

    SHA512

    79f4c6fe4b8c618102666e4dee08da2df899b0813e76bbeb3cc5242a292e286e8f9c6aafed63d39d5b5257b597c1d2e69b5d288975f2207c7b77e413ac846563

    Download Submit