Analysis
-
max time kernel
44s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
14-10-2022 17:45
Static task
static1
Behavioral task
behavioral1
Sample
NisSrv.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
NisSrv.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
circular_29092022.pdf
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
circular_29092022.pdf
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
circular_29092022.pdf.lnk
Resource
win7-20220901-en
General
-
Target
NisSrv.exe
-
Size
584KB
-
MD5
85f14631181a8867a2d41122482ba8dc
-
SHA1
8e2f2bce824c97cb8dd83c1736cd1de6897bb054
-
SHA256
bbcca0dc10b700c01e557612f009c050ca618f227e0b8be3d4f471dd9d887a18
-
SHA512
aec36afdc33880622492010ed028e679778abb8470a8e9517f8c241de0f8a158da3ce1c767e7671b5aab14c77624009e05af35472eb0d6c2e411918756f4d855
-
SSDEEP
6144:6toWmFzltNCF9NuUzSa3YYcahynDzcjzH1DFKH3oGu8EdoXRXHd:6toNFZj4QySHYca0UjzVDFKH3ox5y3
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
NisSrv.exedescription pid process Token: SeDebugPrivilege 620 NisSrv.exe