Overview

overview

8

Static

static

018f3f7e2e...88.exe

windows7-x64

8

018f3f7e2e...88.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88.exe

  • Size

    112KB

  • MD5

    457172bf57a9e415545c31756c6f16b6

  • SHA1

    66008496c53954cbd931579fe9464e1eb02833cd

  • SHA256

    018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88

  • SHA512

    92852e17a3333848ce6b88b08d83e6c2b28b6b6c8fddd5cdb16faa8bfb3c2a0adda3529159014e35a83a679c60c1b2269bf72f22ecb7697e3dd6894b4f6a4da9

  • SSDEEP

    1536:XSSnze1gsJ55n/4CkOwwF+bhoOHLnjXIRXMMGBkyJMjZROYJT3bQghxHCZ:iSn3sziCkd5bho+nsRcaC

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88.exe
    "C:\Users\Admin\AppData\Local\Temp\018f3f7e2e731500654aa680c6dbfacd5a2cbe0ca9aead83b632453aaa531a88.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2356
  • C:\Windows\SysWOW64\Winkulf.exe
    C:\Windows\SysWOW64\Winkulf.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkulf.exe
    Filesize

    76KB

    MD5

    f2c247dd681a88b3ec8630b5ba87ebd9

    SHA1

    d46ba868246843b428093da4dc59a16814f992b0

    SHA256

    30044a5c49fb746f954872bf01b7975883b759c1798b58148c3c9043c2587cdb

    SHA512

    9b2d2a0be0c1b70c19eaf19e47feabb4f640ae3f8b92cdd8f74a45e7765dc1d61f5805c372ca03f68879cc0c62559614cd39629b2b0f06b5523080fd90a574a5

    Download Submit
  • C:\Windows\SysWOW64\Winkulf.exe
    Filesize

    76KB

    MD5

    f2c247dd681a88b3ec8630b5ba87ebd9

    SHA1

    d46ba868246843b428093da4dc59a16814f992b0

    SHA256

    30044a5c49fb746f954872bf01b7975883b759c1798b58148c3c9043c2587cdb

    SHA512

    9b2d2a0be0c1b70c19eaf19e47feabb4f640ae3f8b92cdd8f74a45e7765dc1d61f5805c372ca03f68879cc0c62559614cd39629b2b0f06b5523080fd90a574a5

    Download Submit