Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
19-10-2022 08:13
Static task
static1
Behavioral task
behavioral1
Sample
sandy.exe
Resource
win7-20220901-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
sandy.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
sandy.exe
-
Size
195KB
-
MD5
720971089e8f4292320aa9dd28a23aa5
-
SHA1
54f9f9e88cd6791911608a191274ed6bb52bc4cf
-
SHA256
f695fb16617b13ad13327d89c181f68fbfee6a23b09b85db7339637b0da8e197
-
SHA512
8a4b647a5155f795797836db66de7e7247bfbb5fc9bff9e9101e89f0ef8faa403f21b89c0943761b73c7fda09eb1442dd4d5008a18fe2c2d394e1c81a9b8fa2b
-
SSDEEP
768:AxfWnhObkAApSu3oiIDNzeJku9vx/SF5Mbd0oC3d4OoxnrKcSnYRJ:5nkbq
Score
6/10
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1760 sandy.exe