Overview

overview

8

Static

static

4b154dc7ca...66.exe

windows7-x64

8

4b154dc7ca...66.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 00:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4b154dc7ca62b9a72466818465dafbe5271de332d3993bfedc1170ed27ef3266.exe

  • Size

    365KB

  • MD5

    a25eee75c6fbd0f4973617793d2b2c20

  • SHA1

    58c9611a5c0ed6b7d486ebe0b193bd5fc6ec526b

  • SHA256

    4b154dc7ca62b9a72466818465dafbe5271de332d3993bfedc1170ed27ef3266

  • SHA512

    1eaaf59a933ee9b8f7630d5f0ec0907ca219cc5faf134453ded79b6c50afd7a849132f930868adb09244563a9b5e2ca8d3cfa9e02b2aa159b40026d529026bec

  • SSDEEP

    6144:G/2fyvQEXE1Vxo8ISv+CgLNWLEXE1Vxo8ISv:UIjjxo8ISXgJW7jxo8IS

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b154dc7ca62b9a72466818465dafbe5271de332d3993bfedc1170ed27ef3266.exe
    "C:\Users\Admin\AppData\Local\Temp\4b154dc7ca62b9a72466818465dafbe5271de332d3993bfedc1170ed27ef3266.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4352
  • C:\Windows\SysWOW64\Winkhr.exe
    C:\Windows\SysWOW64\Winkhr.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1528

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\Winkhr.exe
          Filesize

          86KB

          MD5

          5abe07b5f730470860c549aeedc13544

          SHA1

          6d12d3ccda10a3bd83281596b13df96429cf53a5

          SHA256

          b7004c59aa10ad1165231c3c42f8a93fa38c6f2805ccd5adfc5598f3f06d4a18

          SHA512

          534fcddc0d966090b2359ac84fabd7008ce5662c68aebc73c3ab30bc50166f96580a4c9da4a5acea0f70338a1c9bee392c81f3648b9a0f976cb553aef6894e06

          Download Submit

        • C:\Windows\SysWOW64\Winkhr.exe
          Filesize

          86KB

          MD5

          5abe07b5f730470860c549aeedc13544

          SHA1

          6d12d3ccda10a3bd83281596b13df96429cf53a5

          SHA256

          b7004c59aa10ad1165231c3c42f8a93fa38c6f2805ccd5adfc5598f3f06d4a18

          SHA512

          534fcddc0d966090b2359ac84fabd7008ce5662c68aebc73c3ab30bc50166f96580a4c9da4a5acea0f70338a1c9bee392c81f3648b9a0f976cb553aef6894e06

          Download Submit