Overview

overview

10

Static

static

351900b696...d5.exe

windows7-x64

10

351900b696...d5.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02/12/2022, 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    351900b6967eb047808a1221ff8dfdc8aabb9572e5c770a65c8aa684488cdbd5.exe

  • Size

    321KB

  • MD5

    11c331aa2a83af7358b86b747f7d6854

  • SHA1

    e039a67b67851922e7bd4f40866756a78e96d95a

  • SHA256

    351900b6967eb047808a1221ff8dfdc8aabb9572e5c770a65c8aa684488cdbd5

  • SHA512

    4002c79afd11f56e283a901ed3b35c258fa166ef91585dbab6bd71cca32553b447b646a5c9b59f8b0acd12bb57f75b4626c8b15acf8035f0f63c585bf174ff83

  • SSDEEP

    6144:nTFvhumXZoYt+8wBGUErC36rFd8ya010nvhrTugoYtGg92Iv:lhuG+Tw06rFd8c10nUgoKdz

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\351900b6967eb047808a1221ff8dfdc8aabb9572e5c770a65c8aa684488cdbd5.exe
    "C:\Users\Admin\AppData\Local\Temp\351900b6967eb047808a1221ff8dfdc8aabb9572e5c770a65c8aa684488cdbd5.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Modifies WinLogon
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:960

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/960-54-0x00000000757A1000-0x00000000757A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/960-55-0x000000007EF40000-0x000000007EFA9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/960-56-0x0000000001F40000-0x0000000001FF2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/960-57-0x0000000001F40000-0x0000000001FF2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/960-61-0x0000000001F40000-0x0000000001FF2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/960-59-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/960-58-0x0000000001F40000-0x0000000001FF2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/960-62-0x0000000001F40000-0x0000000001FF2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/960-64-0x0000000001F40000-0x0000000001FF2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/960-65-0x00000000026D0000-0x0000000002788000-memory.dmp

    Filesize

    736KB

    Download

  • memory/960-66-0x000000007EF40000-0x000000007EFA9000-memory.dmp

    Filesize

    420KB

    Download

  • memory/960-67-0x00000000026D0000-0x0000000002788000-memory.dmp

    Filesize

    736KB

    Download