Analysis

  • max time kernel
    205s
  • max time network
    216s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-11-2022 05:16

General

  • Target

    aa30e1e0199d8707470ed90a9a406965472c03a212f3b44f12bde5b1e9595037.exe

  • Size

    30KB

  • MD5

    abf5ff276ebbce7b618da69305ea41a0

  • SHA1

    ce64e04cf10871d748e2a43fbb28ab9390fb0bc8

  • SHA256

    aa30e1e0199d8707470ed90a9a406965472c03a212f3b44f12bde5b1e9595037

  • SHA512

    fe3b2b60d051f434fc58ebe35644b3e329157c9e0e700c08a9c365997e69d45e3f425839ae718a5558ade60f8dec774223583491ae5b73a83de76400493c5bc2

  • SSDEEP

    192:y5ve61pPurwRouY3SA0q+aUAHS+EHBjIYa1H5Ue/MLRvB/dqVjvMXwpLE0/0:yVe6rK3SA6DyKe/QvBAVrM0s

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1264
      • C:\Users\Admin\AppData\Local\Temp\aa30e1e0199d8707470ed90a9a406965472c03a212f3b44f12bde5b1e9595037.exe
        "C:\Users\Admin\AppData\Local\Temp\aa30e1e0199d8707470ed90a9a406965472c03a212f3b44f12bde5b1e9595037.exe"
        2⤵
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1884

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1884-54-0x0000000076941000-0x0000000076943000-memory.dmp

    Filesize

    8KB