Overview

overview

8

Static

static

6b17efa188...11.exe

windows7-x64

8

6b17efa188...11.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 14:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6b17efa188a6940b2067f541aacefcb7303af1b1d597a7573ae525cb2e9f1711.exe

  • Size

    87KB

  • MD5

    a2e26e8f4bb8f9a57b576acd9ae1d5a0

  • SHA1

    af7df8bc068bd3aaa77888bbc8ec6a7457fcb3c4

  • SHA256

    6b17efa188a6940b2067f541aacefcb7303af1b1d597a7573ae525cb2e9f1711

  • SHA512

    01d04d6bcf5a867920e2c64bc7217c16e3852ba446bca8d2d7abad17c826f4f4fd06d06bbba0500b22387b14addbda0fd3d19f6f54f7a9e93c09f0bf37e3507b

  • SSDEEP

    768:WeWGCQxs9kGd96NDkSV2bIXzl4CnTDHGsDf8RUFqoD4bDIsFDBnotp6D5Ga34:1WGxs9kGdYk8wO4Cnt8RUyhotCl

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b17efa188a6940b2067f541aacefcb7303af1b1d597a7573ae525cb2e9f1711.exe
    "C:\Users\Admin\AppData\Local\Temp\6b17efa188a6940b2067f541aacefcb7303af1b1d597a7573ae525cb2e9f1711.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1632
  • C:\Windows\SysWOW64\Winkjb.exe
    C:\Windows\SysWOW64\Winkjb.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1124

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\Winkjb.exe
          Filesize

          85KB

          MD5

          24a60d4c8e54633c3aea1c0fab7b8628

          SHA1

          5db9bda4412a4d20d182c673bb2202c80ba0d5fd

          SHA256

          28621b113bf77b8ada8c04496a5e9a0bece863b61e2978860c862b382cfbc1ac

          SHA512

          cc801af4ec3ed03b653b63774063bbacef06c6d469b8807fb7c4ba7b54ad1c1fd9ec01656bb9635bfef0f213e11e9dd9e7cca4368a1986efade81de512b7f142

          Download Submit

        • C:\Windows\SysWOW64\Winkjb.exe
          Filesize

          85KB

          MD5

          24a60d4c8e54633c3aea1c0fab7b8628

          SHA1

          5db9bda4412a4d20d182c673bb2202c80ba0d5fd

          SHA256

          28621b113bf77b8ada8c04496a5e9a0bece863b61e2978860c862b382cfbc1ac

          SHA512

          cc801af4ec3ed03b653b63774063bbacef06c6d469b8807fb7c4ba7b54ad1c1fd9ec01656bb9635bfef0f213e11e9dd9e7cca4368a1986efade81de512b7f142

          Download Submit