Overview

overview

8

Static

static

9a9b3f677d...90.exe

windows7-x64

8

9a9b3f677d...90.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    33s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a9b3f677de49a58c5e50f5b8ad1ad07604bc5d093bbd7da93d5cd407b810790.exe

  • Size

    78KB

  • MD5

    c2cdde45ecdab0faf24797ab020094ed

  • SHA1

    061590684182b78f2b39216c9efcfecfb6c92db6

  • SHA256

    9a9b3f677de49a58c5e50f5b8ad1ad07604bc5d093bbd7da93d5cd407b810790

  • SHA512

    a81c4337a7180498ade50d3b7b30cbc3d2a7aa3adb1277dda15d0fd2f72afef652b1e71de8660c64687df10e713f678f6f1835f472b6ebe6c9a1e7eaa4960461

  • SSDEEP

    1536:zaWLF1kxTnUI4CFPtv6iSJnaGlbVxhojVEg:zaWExTnUTCFPtvanaGlbVxhojV

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a9b3f677de49a58c5e50f5b8ad1ad07604bc5d093bbd7da93d5cd407b810790.exe
    "C:\Users\Admin\AppData\Local\Temp\9a9b3f677de49a58c5e50f5b8ad1ad07604bc5d093bbd7da93d5cd407b810790.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1664
  • C:\Windows\SysWOW64\Winkuox.exe
    C:\Windows\SysWOW64\Winkuox.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Winkuox.exe
    Filesize

    79KB

    MD5

    0f9539cfe1ad93b079a6c5425e618903

    SHA1

    8b97bd26eac0c56c273f531078a2ae1266b82d8d

    SHA256

    9354dcb9f846098d8936a956028dc2317346f3ed32553d06353e71c1a06fccfc

    SHA512

    dcb14971488e8cbb36583bfa571089028efffb5a983532622265baf53a2b691c3e560287dc09c348a15417b9c5730a86526455d0a0cfe13ec8c3540e3a503a0c

    Download Submit

  • C:\Windows\SysWOW64\Winkuox.exe
    Filesize

    79KB

    MD5

    0f9539cfe1ad93b079a6c5425e618903

    SHA1

    8b97bd26eac0c56c273f531078a2ae1266b82d8d

    SHA256

    9354dcb9f846098d8936a956028dc2317346f3ed32553d06353e71c1a06fccfc

    SHA512

    dcb14971488e8cbb36583bfa571089028efffb5a983532622265baf53a2b691c3e560287dc09c348a15417b9c5730a86526455d0a0cfe13ec8c3540e3a503a0c

    Download Submit

  • memory/1664-56-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2008-57-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download