Overview

overview

1

Static

static

6870d5d001...7f.exe

windows7-x64

1

6870d5d001...7f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 16:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6870d5d00145ed3ab69d21a04fa5371b25ec7b84032f017110573998dca3057f.exe

  • Size

    18KB

  • MD5

    95cf8e9a3a8d71c9e11c1d4d7b651dcc

  • SHA1

    516bae6dd00e6f74bfe796580c7af0c3b1a0a2dd

  • SHA256

    6870d5d00145ed3ab69d21a04fa5371b25ec7b84032f017110573998dca3057f

  • SHA512

    3a349a94f9a41e3bd102737629a53488371cbf3fbd575f0ebb87909f2e681fe08cf4d4d722883c7cc1ef817c61b0428ab6302887c6b37b96079dd7683179fc68

  • SSDEEP

    384:hQB/7tNpIvHB08UnTCNYG50QaENoa6xj2EfDhW0agBQ32m:hQpbCP8weTCEfDE0agBQmm

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6870d5d00145ed3ab69d21a04fa5371b25ec7b84032f017110573998dca3057f.exe
    "C:\Users\Admin\AppData\Local\Temp\6870d5d00145ed3ab69d21a04fa5371b25ec7b84032f017110573998dca3057f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/384-132-0x0000000000DE0000-0x0000000000DEA000-memory.dmp

    Filesize

    40KB

    Download