Analysis
-
max time kernel
103s -
max time network
184s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
02/12/2022, 22:46
Static task
static1
Behavioral task
behavioral1
Sample
92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601.exe
Resource
win10v2004-20220812-en
General
-
Target
92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601.exe
-
Size
28KB
-
MD5
754638fee0f0ecf98c4a3e62d3108005
-
SHA1
492d31f35d4dd34fbf59e62e2c4c8888511c9e68
-
SHA256
92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601
-
SHA512
18a33d4780a89c7ab463fc4653ddd0757ac8a99f8e7940cd60f19c6e47d18887a73db1187f8f60451cce2d3d12bd336dc39529d27545d6627a682668e6d0071f
-
SSDEEP
384:kWMHJcf1MX7P1GFlbXmk+cJINEf11e4CpbfC:lMKf1K1GFl7mwtEfC
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process
1808 92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 1808 92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601.exe
"C:\Users\Admin\AppData\Local\Temp\92d0566845e3aa6286d7817870c297ca367e820cb96da592c7d71e38366ee601.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1808