Overview

overview

1

Static

static

14Lt2iKtL42Y2Nc.exe

windows7-x64

1

14Lt2iKtL42Y2Nc.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    58s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14Lt2iKtL42Y2Nc.exe

  • Size

    722KB

  • MD5

    9956c7eff55abfe7e71f59daae9d6500

  • SHA1

    050a136d3878a5abb2bd9ee4dddeae2197571a9f

  • SHA256

    d869b398aa7251baa6bd6936df6b5fe7b9f12547f9d46a9e8d36c91e3c9d96a2

  • SHA512

    cf701139f72aec6ed77c1f909df7e0791853ce88bab1ff7b8beeab79e88035eee982a9eadda9227c834386acdaab2a1688f2fc277d69cd054137f6733c527568

  • SSDEEP

    12288:wrBnM33302IgFJN0V3foiX0hBzejAg6SXaWh6RDsTJQVDfR8w+7cjZnbCkI:kBnG30YCoiXIBzeEgcvRDs18x1jZnbCx

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe
    "C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe
      "C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe"
      2⤵
        PID:1348
      • C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe
        "C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe"
        2⤵
          PID:1744
        • C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe
          "C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe"
          2⤵
            PID:1708
          • C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe
            "C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe"
            2⤵
              PID:944
            • C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe
              "C:\Users\Admin\AppData\Local\Temp\14Lt2iKtL42Y2Nc.exe"
              2⤵
                PID:896

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1588-54-0x0000000000350000-0x000000000040A000-memory.dmp
              Filesize

              744KB

              Download
            • memory/1588-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1588-56-0x0000000000410000-0x0000000000428000-memory.dmp
              Filesize

              96KB

              Download
            • memory/1588-57-0x0000000000320000-0x000000000032C000-memory.dmp
              Filesize

              48KB

              Download
            • memory/1588-58-0x0000000007DB0000-0x0000000007E20000-memory.dmp
              Filesize

              448KB

              Download
            • memory/1588-59-0x00000000021D0000-0x0000000002206000-memory.dmp
              Filesize

              216KB

              Download