Overview

overview

8

Static

static

a05130cf3c...cc.exe

windows7-x64

8

a05130cf3c...cc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    46s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 10:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc.exe

  • Size

    80KB

  • MD5

    22c2c425f8af14be2b8abf1f1e6f6176

  • SHA1

    4bc6a6ccc9deea30ac7aba2b3847f808e8f5a6c1

  • SHA256

    a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc

  • SHA512

    d067d86bc11cc5a9e2c8170af962cfcc9b9a4ce51d5e3feb60fb7ed2ea4566d17c6b36f3da55e4bd41e9f6b5196b1c64f900083c420da14c095bbe375835c6c2

  • SSDEEP

    768:zXS6Lnze1gshn5ew/QuBdL/4Ckir4SWeq3HwFdkt+Afs2DBnoUYe5in9vK6KcgMT:TSSnze1gsJ55n/4CkOwwF+bhoUnky0

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc.exe
    "C:\Users\Admin\AppData\Local\Temp\a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:948
  • C:\Windows\SysWOW64\Winkip.exe
    C:\Windows\SysWOW64\Winkip.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkip.exe
    Filesize

    77KB

    MD5

    a565f924c30bad192f684eea1abdc384

    SHA1

    389bbe5c8d7c0f9e71e27603c79b65b8760a9410

    SHA256

    7ea23ab5d6221773e9831e589584aadd767af8c139a02b0c77a92c2478a324d8

    SHA512

    22e422f4457fc2bbd9aebc59ba945a470a1f971b1e05d9673af672b3f785f6a8e4efd325fa9182fd65b42aadc8d04e275691e89052f289346e1855f13e223ebc

    Download Submit

  • C:\Windows\SysWOW64\Winkip.exe
    Filesize

    77KB

    MD5

    a565f924c30bad192f684eea1abdc384

    SHA1

    389bbe5c8d7c0f9e71e27603c79b65b8760a9410

    SHA256

    7ea23ab5d6221773e9831e589584aadd767af8c139a02b0c77a92c2478a324d8

    SHA512

    22e422f4457fc2bbd9aebc59ba945a470a1f971b1e05d9673af672b3f785f6a8e4efd325fa9182fd65b42aadc8d04e275691e89052f289346e1855f13e223ebc

    Download Submit