Resubmissions

19-10-2022 08:30

221019-kd4y6sfba3 7

19-10-2022 08:13

221019-j4xgcafag2 7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-10-2022 08:13

General

  • Target

    sandy.exe

  • Size

    195KB

  • MD5

    720971089e8f4292320aa9dd28a23aa5

  • SHA1

    54f9f9e88cd6791911608a191274ed6bb52bc4cf

  • SHA256

    f695fb16617b13ad13327d89c181f68fbfee6a23b09b85db7339637b0da8e197

  • SHA512

    8a4b647a5155f795797836db66de7e7247bfbb5fc9bff9e9101e89f0ef8faa403f21b89c0943761b73c7fda09eb1442dd4d5008a18fe2c2d394e1c81a9b8fa2b

  • SSDEEP

    768:AxfWnhObkAApSu3oiIDNzeJku9vx/SF5Mbd0oC3d4OoxnrKcSnYRJ:5nkbq

Score
6/10

Malware Config

Signatures

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sandy.exe
    "C:\Users\Admin\AppData\Local\Temp\sandy.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1760

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1760-54-0x0000000000E70000-0x0000000000EA6000-memory.dmp

    Filesize

    216KB

  • memory/1760-55-0x0000000075931000-0x0000000075933000-memory.dmp

    Filesize

    8KB