Analysis

  • max time kernel
    82s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/11/2022, 02:01

General

  • Target

    Broken_rainbow.exe

  • Size

    326KB

  • MD5

    aeca97e963f00db8c1f3fdd2d804cb3e

  • SHA1

    10c941a11ff285cbda43d4455f3e2f5c66fc2090

  • SHA256

    33033c6f503ed0e4614371ff6a5a0453c8ee19b7eabf462a1655cf0a53a538fb

  • SHA512

    66dbd5d4110013b60d8719edbcb11fc16016d6a38fb182c57286f925e4e3dc9ea88d7df402c9a415572b20c58e22fe5e5bd8ef9f932e639c2a2f0721166a776a

  • SSDEEP

    6144:dOuLy7lGCLPEEbf5CHlRImmzC7PDTyuTSgHaho3boo8/9NHOAOrn:Au27lGCLPaRImmzCnTyuTScJ4/9NO1

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Broken_rainbow.exe
    "C:\Users\Admin\AppData\Local\Temp\Broken_rainbow.exe"
    PID:1680
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      PID:1964
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x1c4
        • Suspicious use of AdjustPrivilegeToken
        PID:572

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1964-54-0x000007FEFB741000-0x000007FEFB743000-memory.dmp
    Filesize
    8KB