Analysis
- max time kernel: 258s
- max time network: 270s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-11-2022 19:15
Behavioral task: behavioral1
- Sample: d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
- Resource: win10v2004-20221111-en
General
- Target: d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
- Size: 1.4MB
- MD5: b3fdf470658586ffe5b015f88ed4dc75
- SHA1: c69862eb7645c8680c0c6763ceef243df5bc95e6
- SHA256: d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b
- SHA512: 46e8cb6b125bdeac5ee6c950fee68090a34eea0f56f9e61c0d3120c957d90d826f2a3df7946f13824b29f4c352d88a00c94e45fc9452d7b1a9b725e527d8a4fa
- SSDEEP: 24576:Jk70Trc/gkCNYNBsIfkUpEONJ5XBKcHE6grYO5/ovgTfAMBmNEReYW9DD8OxGFK7:JkQTAeSYMxNH5s5AsPfIBDD8OwFPQ
Malware Config
Signatures
- Processes (yara_rule matches):
  resource | yara_rule
  behavioral2/memory/4184-132-0x0000000000400000-0x0000000000573000-memory.dmp | vmprotect
  behavioral2/memory/4184-133-0x0000000000400000-0x0000000000573000-memory.dmp | vmprotect
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
  pid | process
  4184 | d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
  4184 | d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
  description | pid | process
  Token: SeDebugPrivilege | 4184 | d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/4184-132-0x0000000000400000-0x0000000000573000-memory.dmp (Filesize: 1.4MB)
- memory/4184-133-0x0000000000400000-0x0000000000573000-memory.dmp (Filesize: 1.4MB)
- memory/4184-134-0x0000000007140000-0x00000000076E4000-memory.dmp (Filesize: 5.6MB)
- memory/4184-135-0x00000000076F0000-0x0000000007782000-memory.dmp (Filesize: 584KB)
- memory/4184-136-0x00000000077D0000-0x00000000077DA000-memory.dmp (Filesize: 40KB)