Overview

overview

8

Static

static

018f3f7e2e...88.exe

windows7-x64

8

018f3f7e2e...88.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    18s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88.exe

  • Size

    112KB

  • MD5

    457172bf57a9e415545c31756c6f16b6

  • SHA1

    66008496c53954cbd931579fe9464e1eb02833cd

  • SHA256

    018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88

  • SHA512

    92852e17a3333848ce6b88b08d83e6c2b28b6b6c8fddd5cdb16faa8bfb3c2a0adda3529159014e35a83a679c60c1b2269bf72f22ecb7697e3dd6894b4f6a4da9

  • SSDEEP

    1536:XSSnze1gsJ55n/4CkOwwF+bhoOHLnjXIRXMMGBkyJMjZROYJT3bQghxHCZ:iSn3sziCkd5bho+nsRcaC

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88.exe
    "C:\Users\Admin\AppData\Local\Temp\018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:864
  • C:\Windows\SysWOW64\Winklyt.exe
    C:\Windows\SysWOW64\Winklyt.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winklyt.exe
    Filesize

    82KB

    MD5

    d50b0b394d96961e391228bf10ae84bc

    SHA1

    07e6176ecdd916604c34ad4a25853c21e82e3589

    SHA256

    852eb7fdb3cba7e6ab8e307076c5184bdd18ca01939d3a63c8fa017fca086cc6

    SHA512

    a8fd079c3d90bb7b28c170fc05b39cdcd491f2cdc634e44c9732b406058a1cce170154b81b5cdad2e60f1145cbfcd2897d62266da8045c80b2f053ee2cc44fe2

    Download Submit

  • C:\Windows\SysWOW64\Winklyt.exe
    Filesize

    82KB

    MD5

    d50b0b394d96961e391228bf10ae84bc

    SHA1

    07e6176ecdd916604c34ad4a25853c21e82e3589

    SHA256

    852eb7fdb3cba7e6ab8e307076c5184bdd18ca01939d3a63c8fa017fca086cc6

    SHA512

    a8fd079c3d90bb7b28c170fc05b39cdcd491f2cdc634e44c9732b406058a1cce170154b81b5cdad2e60f1145cbfcd2897d62266da8045c80b2f053ee2cc44fe2

    Download Submit