Overview

overview

8

Static

static

a05130cf3c...cc.exe

windows7-x64

8

a05130cf3c...cc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    176s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2022, 10:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc.exe

  • Size

    80KB

  • MD5

    22c2c425f8af14be2b8abf1f1e6f6176

  • SHA1

    4bc6a6ccc9deea30ac7aba2b3847f808e8f5a6c1

  • SHA256

    a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc

  • SHA512

    d067d86bc11cc5a9e2c8170af962cfcc9b9a4ce51d5e3feb60fb7ed2ea4566d17c6b36f3da55e4bd41e9f6b5196b1c64f900083c420da14c095bbe375835c6c2

  • SSDEEP

    768:zXS6Lnze1gshn5ew/QuBdL/4Ckir4SWeq3HwFdkt+Afs2DBnoUYe5in9vK6KcgMT:TSSnze1gsJ55n/4CkOwwF+bhoUnky0

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc.exe
    "C:\Users\Admin\AppData\Local\Temp\a05130cf3ca7c666dde9a9f15f1f82b73c93792d3cacfb70a7e1cd2401d0e3cc.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4756
  • C:\Windows\SysWOW64\Winkqsj.exe
    C:\Windows\SysWOW64\Winkqsj.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkqsj.exe
    Filesize

    85KB

    MD5

    6ad16d121b09531a272a88048c798376

    SHA1

    ba67aeaaa3948169cc8ac683782e951e8c002cf5

    SHA256

    7d764a9f30db744621b3aed38627fabc17a45583fad60a19ffdbbca44c122741

    SHA512

    ffcfb15237de930584fcf58d9cb14e93e7d986e43e3d67b51579c3645f1feeb22ed0e834d261d1c1ab245b46a7597e22b38ea11ab4b954bb6c50fc5ca947303c

    Download Submit

  • C:\Windows\SysWOW64\Winkqsj.exe
    Filesize

    85KB

    MD5

    6ad16d121b09531a272a88048c798376

    SHA1

    ba67aeaaa3948169cc8ac683782e951e8c002cf5

    SHA256

    7d764a9f30db744621b3aed38627fabc17a45583fad60a19ffdbbca44c122741

    SHA512

    ffcfb15237de930584fcf58d9cb14e93e7d986e43e3d67b51579c3645f1feeb22ed0e834d261d1c1ab245b46a7597e22b38ea11ab4b954bb6c50fc5ca947303c

    Download Submit