Overview

overview

8

Static

static

72b504a351...d0.exe

windows7-x64

8

72b504a351...d0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    90s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72b504a35178aa1937baadcf5d90c0c7ee284d2b01527988c444e44d266307d0.exe

  • Size

    92KB

  • MD5

    064caccd1964f67ba6ba8a3176683256

  • SHA1

    aab771df1cc95d233c31038f4ff0939da21e11ff

  • SHA256

    72b504a35178aa1937baadcf5d90c0c7ee284d2b01527988c444e44d266307d0

  • SHA512

    b01fab229680355faba5d60abe1e36ab95d5810cbb9c220d7356d5ea11b5b2d8e36a5ca0a34b084512cbd5a0de64a404dacadb18a6f147059958b9e26a589453

  • SSDEEP

    768:WeWGCQxs9kGd96NDkSV2bIXzl4CnTDHGsDf8RUFqoD4bDIsFDBno/p6D5Donj:1WGxs9kGdYk8wO4Cnt8RUyho/C8nj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72b504a35178aa1937baadcf5d90c0c7ee284d2b01527988c444e44d266307d0.exe
    "C:\Users\Admin\AppData\Local\Temp\72b504a35178aa1937baadcf5d90c0c7ee284d2b01527988c444e44d266307d0.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4896
  • C:\Windows\SysWOW64\Winkzjj.exe
    C:\Windows\SysWOW64\Winkzjj.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkzjj.exe
    Filesize

    84KB

    MD5

    68e159597423d4b6ffe6151e339daa74

    SHA1

    38bd7106abf4173c19185fbdef289d023e976333

    SHA256

    ebda298967810d82ae250a8c106318e1f1836e1be5ec8ee1d5036d0ccc3efbfa

    SHA512

    cfe87db27ae1f798c4232ecaf5c677400b595ab73877c114438668924cf9fc160588b5d7ae2c10119d146efa69be70eed701cbb82bb260ae234db2a1b714afe2

    Download Submit

  • C:\Windows\SysWOW64\Winkzjj.exe
    Filesize

    84KB

    MD5

    68e159597423d4b6ffe6151e339daa74

    SHA1

    38bd7106abf4173c19185fbdef289d023e976333

    SHA256

    ebda298967810d82ae250a8c106318e1f1836e1be5ec8ee1d5036d0ccc3efbfa

    SHA512

    cfe87db27ae1f798c4232ecaf5c677400b595ab73877c114438668924cf9fc160588b5d7ae2c10119d146efa69be70eed701cbb82bb260ae234db2a1b714afe2

    Download Submit