Analysis

  • max time kernel
    96s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-10-2022 01:36

General

  • Target

    0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe

  • Size

    93KB

  • MD5

    0b822a0b7ef23d17503ff3dec3abf6c1

  • SHA1

    973eac469ed942a7919dc89727ae6506b90dd9a0

  • SHA256

    0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef

  • SHA512

    9cb97d0099c6f93ca89a712b45b852f4b47232aa6b5943382b7695c2f745455de880c5b5d66b50be101f332e50d3df4248aae152df597f9c9a1263ced9b4ff11

  • SSDEEP

    1536:1WGxs9kGdYk8wO4Cnt8RUyhoHGjOm1QC9cTu:UGfGdYSCnNyhodTu

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe
    "C:\Users\Admin\AppData\Local\Temp\0d142a50bc7a67b194540613886b3c81fdda47f998f0f3c2ddb23f42ffbeb7ef.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1824
  • C:\Windows\SysWOW64\Winkax.exe
    C:\Windows\SysWOW64\Winkax.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1804

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Windows\SysWOW64\Winkax.exe

    Filesize

    90KB

    MD5

    122eaee2ff9d0b3e2d8c8bdf583766a2

    SHA1

    2710edc723713f0cc2043149f0791abd8be224d3

    SHA256

    c44b96ee21cbd8cea7b59c475b62b0d19d4d36d23e7cb269f2749282f239f33d

    SHA512

    3f43cfd5ed642743908dc0fc5e6636abf5b52ae87a9bc2193eb7e42bf8ff3074189716fb5ad2182b370912a2e9e3e1d3d6245696f1173ed46a0ab9c8ac182a1c
