Overview

overview

8

Static

static

d3c5e442c6...9e.exe

windows7-x64

8

d3c5e442c6...9e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06-11-2022 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3c5e442c605f44440694eab07d8a1d11f59c1a004357ad683a535a4583da69e.exe

  • Size

    60KB

  • MD5

    18abea593164d09b9d49d0ff04c4a9a0

  • SHA1

    a2516bccaf00df69890f34f1561b3c03a1330ce3

  • SHA256

    d3c5e442c605f44440694eab07d8a1d11f59c1a004357ad683a535a4583da69e

  • SHA512

    0e100a4dcc678b5e112f3d6947485c67d0719cd297c39bd38793661af6d3f03fd05e72829a2aa68361cc243f52b3449d506073b8e9829d6465d3b29830930b6f

  • SSDEEP

    768:EWTiDEeofg2LBs0s4ZxDx6x7rbeDPjga8mJ5ZQ5YfKloCoxTxExVx6xhcYl/x7Z6:EWTiclZpMhw7NDJU4FCTQ/cYl7b2

Score
8/10
discoveryexploit

Malware Config

Signatures

  • Possible privilege escalation attempt 2 IoCs
    exploit
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3c5e442c605f44440694eab07d8a1d11f59c1a004357ad683a535a4583da69e.exe
    "C:\Users\Admin\AppData\Local\Temp\d3c5e442c605f44440694eab07d8a1d11f59c1a004357ad683a535a4583da69e.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\SysWOW64\takeown.exe
      C:\Windows\system32\takeown.exe /f "c:\windows\system32\ajbo.exe"
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      PID:900
    • C:\Windows\SysWOW64\icacls.exe
      C:\Windows\system32\icacls.exe "c:\windows\system32\ajbo.exe" /grant SYSTEM:F
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      PID:1984

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\windows\SysWOW64\ajbo.exe
    Filesize

    60KB

    MD5

    18abea593164d09b9d49d0ff04c4a9a0

    SHA1

    a2516bccaf00df69890f34f1561b3c03a1330ce3

    SHA256

    d3c5e442c605f44440694eab07d8a1d11f59c1a004357ad683a535a4583da69e

    SHA512

    0e100a4dcc678b5e112f3d6947485c67d0719cd297c39bd38793661af6d3f03fd05e72829a2aa68361cc243f52b3449d506073b8e9829d6465d3b29830930b6f

    Download Submit
  • memory/900-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1984-57-0x0000000000000000-mapping.dmp
    Download