Analysis

  • max time kernel
    91s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/10/2022, 01:36

General

  • Target

    b62305d8939f610983e9f1355247194a801380ec49a267ef20d0062acb0954ad.exe

  • Size

    84KB

  • MD5

    0b4f9b2f8a0547130f6b9f8ffb872344

  • SHA1

    da49204a825d59710f07ecdf47f969458bfe22a3

  • SHA256

    b62305d8939f610983e9f1355247194a801380ec49a267ef20d0062acb0954ad

  • SHA512

    ccbb3f0ae7ddca7b865a7645175a3f61bac2e9c21fd2b8e6098a8f02f69d9263b4334e09483b1cabb00dfc94398343b636ff099fb0f7f000e4b18af58b0e0f1d

  • SSDEEP

    1536:VCWLF1kxzLL04Cl8qrtzhoHoPEIZ6hwnjr:VCWExzLLvClbzhoHoPEIxn

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b62305d8939f610983e9f1355247194a801380ec49a267ef20d0062acb0954ad.exe
    "C:\Users\Admin\AppData\Local\Temp\b62305d8939f610983e9f1355247194a801380ec49a267ef20d0062acb0954ad.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4012
  • C:\Windows\SysWOW64\Winkzxx.exe
    C:\Windows\SysWOW64\Winkzxx.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2320

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\SysWOW64\Winkzxx.exe

    Filesize

    78KB

    MD5

    7faa9c01df6ee80841d048b1ab01cd81

    SHA1

    17b38c04810d1c0f7b07e5395c07ed414195b0b9

    SHA256

    d3ea7880fc5f83d17c02a28242f6ad517e17dc0760b01f5035722b59711ad969

    SHA512

    5d96493a85207e6ac37fe69043a7eb3a86ecf2b480c5063c4f4678d44ba42aab0e418a7f6a5cdd63564c0a2b022c2b1729695b661f1b0464d44f4c0c761486ed