Analysis
-
max time kernel
38s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 09:44
General
-
Target
97c2460571ec127bd799f3f1dab86094984a5e0d9b6b909bd9201a503f7ef651.exe
-
Size
486KB
-
MD5
a72363c86403f081d45748971afbb22f
-
SHA1
a83245f848343258a0009306bd3dff68a679f250
-
SHA256
97c2460571ec127bd799f3f1dab86094984a5e0d9b6b909bd9201a503f7ef651
-
SHA512
c388c640c588c78e9ae3ee88855ace5bfe9c4b6d84bce52e2f0d563b663f675d8b4c7c837e8ffd2f9a6818eb3092bce66375206844500d4ede41503adda1bbd5
-
SSDEEP
12288:1eWoWEGNhjFjrPOfOAuk5Regirp75qOQs86tzfM2Hj:8od5rWGAuk5R6XoSt/j
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97c2460571ec127bd799f3f1dab86094984a5e0d9b6b909bd9201a503f7ef651.exe"C:\Users\Admin\AppData\Local\Temp\97c2460571ec127bd799f3f1dab86094984a5e0d9b6b909bd9201a503f7ef651.exe"1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1628-54-0x00000000754C1000-0x00000000754C3000-memory.dmpFilesize
8KB
-
memory/1628-55-0x0000000000400000-0x0000000000425000-memory.dmpFilesize
148KB