Analysis
-
max time kernel
212s -
max time network
220s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
01/12/2022, 09:13
General
-
Target
e0aef12b5add650469602f565833f554a380ede2f1ca0e0d1f21e35d1c4384fb.exe
-
Size
129KB
-
MD5
077d1dd4556d145108d75b08b9c5b6c4
-
SHA1
a7d57b234b518e44836d80bf96e424f6776dbb3c
-
SHA256
e0aef12b5add650469602f565833f554a380ede2f1ca0e0d1f21e35d1c4384fb
-
SHA512
7cbff5548898757f1fff506e00b8c0794ff42e10a3f78774d97f5be41b794f8f8912b2ff48cc83aadbb11e03c66ad12d39dab1eceded9b5d1df36bc7fe901272
-
SSDEEP
3072:+R0h/lwCrnR3HWtId+VO91I2X3ymXJ+eoYxGA/jH:i0saR3HfQVuqbmXJ+FMGAb
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Unexpected DNS network traffic destination 6 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0aef12b5add650469602f565833f554a380ede2f1ca0e0d1f21e35d1c4384fb.exe"C:\Users\Admin\AppData\Local\Temp\e0aef12b5add650469602f565833f554a380ede2f1ca0e0d1f21e35d1c4384fb.exe"1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
-
Filesize
124KB
-
Filesize
56KB