Overview

overview

10

Static

static

a-Skjkmfvbkv.bin.exe

windows7-x64

10

a-Skjkmfvbkv.bin.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    216s
  • max time network
    234s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a-Skjkmfvbkv.bin.exe

  • Size

    12KB

  • MD5

    8383ef681ba9f25dd7bf49c28cef559e

  • SHA1

    12ddeb7c5e504dfbbf194842feb86662c170a8f1

  • SHA256

    193d2c92560adcc08eaf3157673b1f835ae85c5c74679cac587e753f67b33dcf

  • SHA512

    6ef606af88c235f21868f3e9d8ade4e3eb76308559f54ee2501b6302031bc635d68edd0a23de65a7e7590264827fdff1a4ac7e95d5327bc10fb4839397380af4

  • SSDEEP

    384:pUR3OFfFLM89kDKyfjDWwYWxptYcFmVc03K:OOFhv9k28ttYcFmVc6K

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a-Skjkmfvbkv.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\a-Skjkmfvbkv.bin.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:712
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Get-Date
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/712-141-0x0000000005E00000-0x0000000005E0A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/712-133-0x00000000055C0000-0x0000000005B64000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/712-135-0x0000000005E10000-0x0000000005EA2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/712-132-0x0000000000750000-0x0000000000758000-memory.dmp
    Filesize

    32KB

    Download
  • memory/4124-134-0x0000000000000000-mapping.dmp
    Download
  • memory/4124-136-0x0000000005020000-0x0000000005056000-memory.dmp
    Filesize

    216KB

    Download
  • memory/4124-137-0x0000000005690000-0x0000000005CB8000-memory.dmp
    Filesize

    6.2MB

    Download
  • memory/4124-138-0x0000000005E60000-0x0000000005E82000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4124-139-0x0000000005F10000-0x0000000005F76000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4124-140-0x0000000005F80000-0x0000000005FE6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4124-142-0x0000000006560000-0x000000000657E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4124-143-0x0000000007D80000-0x00000000083FA000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/4124-144-0x0000000006B60000-0x0000000006B7A000-memory.dmp
    Filesize

    104KB

    Download