Analysis
-
max time kernel
145s -
max time network
172s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2022 15:38
Static task
static1
Behavioral task
behavioral1
Sample
e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe
Resource
win10v2004-20221111-en
General
-
Target
e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe
-
Size
504KB
-
MD5
e299552d9e650a99b5c5baf28d53d2a9
-
SHA1
e59e4485b98cf7931acf9f3541c349f38680c921
-
SHA256
e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875
-
SHA512
6ddc1250b3c00a8064e4e945959e89c22968573574593927b768240445f7584488492b51b0c6600bbbeb5080187a77d1490ffa8f756145b13133fab00a609ab5
-
SSDEEP
12288:HoL4EnU4T/vjLkz1qbXldP3mvxI8oHdiD4TNXp/7Il:HwnU4TDLkxqbXlfvTppIl
Malware Config
Signatures
-
Drops desktop.ini file(s) 2 IoCs
Processes:
e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exedescription ioc process File opened for modification C:\Windows\assembly\Desktop.ini e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe File created C:\Windows\assembly\Desktop.ini e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe -
Drops file in Windows directory 3 IoCs
Processes:
e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exedescription ioc process File opened for modification C:\Windows\assembly e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe File created C:\Windows\assembly\Desktop.ini e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe File opened for modification C:\Windows\assembly\Desktop.ini e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exedescription pid process Token: SeDebugPrivilege 1684 e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe"C:\Users\Admin\AppData\Local\Temp\e41a72af74e85cdb87a6d5b5826e3b4ba97e597838153f43e71d9786832a7875.exe"1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1684