Overview

overview

8

Static

static

9566f07849...7b.exe

windows7-x64

8

9566f07849...7b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-10-2022 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9566f07849d91de412690040436fd516ddd43a9a9540d46970b2c62aa373387b.exe

  • Size

    89KB

  • MD5

    09606a82901c465cb1c94039faab4fb1

  • SHA1

    592ee65ec91dab756bd68931018a586e62e3f62b

  • SHA256

    9566f07849d91de412690040436fd516ddd43a9a9540d46970b2c62aa373387b

  • SHA512

    80e78d5cf2e14767fe7975f7775010bf81d2be61ec920facb909eae208cd5b3571aba81ab05e8ab8c709513cf3e468535bbb78299a4c9c0036768fe850835176

  • SSDEEP

    768:WeWGCQxs9kGd96NDkSV2bIXzl4CnTDHGsDf8RUFqoD4bDIsFDBnoobhJrp6D5GaI:1WGxs9kGdYk8wO4Cnt8RUyhoolpCl

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9566f07849d91de412690040436fd516ddd43a9a9540d46970b2c62aa373387b.exe
    "C:\Users\Admin\AppData\Local\Temp\9566f07849d91de412690040436fd516ddd43a9a9540d46970b2c62aa373387b.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1364
  • C:\Windows\SysWOW64\Winkkp.exe
    C:\Windows\SysWOW64\Winkkp.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkkp.exe
    Filesize

    60KB

    MD5

    bc66e04499ba50a764888938f99d5b8b

    SHA1

    0c9b4b7ee986328f6a399243156ae94893d756f8

    SHA256

    48873ecb138b1b10fc31aa2e743d86ff9039d26fc5e296e8a0c942118acef2e6

    SHA512

    92203b4befb3148a985df21293c940c0c2c292940f1296ac1cd96ce860cfd43a4a6a7cfe005e495e0afc20c83011993c4e2881f7d787ee810a236324ed36ccef

    Download Submit

  • C:\Windows\SysWOW64\Winkkp.exe
    Filesize

    45KB

    MD5

    13609cb0f9062d59f6fb663d0ac9247d

    SHA1

    0cdf94c62ba78aa9781bd7b4d7bc6e6b3f881e5c

    SHA256

    fcd243a6e245b71ae564a5ace56ff45cb790f443729faaf2e4e251dccf274435

    SHA512

    b1efea9e8097c268c151ce93fbce64e09dfb905a1f0f9092367f19270ccfd1b5f15f432d00efa70a70521bfa8824fd0d7febf868b8c5947dbea2712768a8e3f0

    Download Submit