Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    14-10-2022 17:45

General

  • Target

    NisSrv.exe

  • Size

    584KB

  • MD5

    85f14631181a8867a2d41122482ba8dc

  • SHA1

    8e2f2bce824c97cb8dd83c1736cd1de6897bb054

  • SHA256

    bbcca0dc10b700c01e557612f009c050ca618f227e0b8be3d4f471dd9d887a18

  • SHA512

    aec36afdc33880622492010ed028e679778abb8470a8e9517f8c241de0f8a158da3ce1c767e7671b5aab14c77624009e05af35472eb0d6c2e411918756f4d855

  • SSDEEP

    6144:6toWmFzltNCF9NuUzSa3YYcahynDzcjzH1DFKH3oGu8EdoXRXHd:6toNFZj4QySHYca0UjzVDFKH3ox5y3

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NisSrv.exe
    "C:\Users\Admin\AppData\Local\Temp\NisSrv.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:620

Network

MITRE ATT&CK Matrix

Downloads

  • memory/620-54-0x0000000000B10000-0x0000000000BA8000-memory.dmp
    Filesize

    608KB

  • memory/620-55-0x0000000075711000-0x0000000075713000-memory.dmp
    Filesize

    8KB