Overview

overview

10

Static

static

$RECYCLE.B...T6.exe

windows7-x64

$RECYCLE.B...T6.exe

windows10-2004-x64

$RECYCLE.B...T6.exe

windows7-x64

10

$RECYCLE.B...T6.exe

windows10-2004-x64

10

67_03_635_PDF.exe

windows7-x64

1

67_03_635_PDF.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    156s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-12-2022 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67_03_635_PDF.exe

  • Size

    3.0MB

  • MD5

    147c968922ab4d76d5b63ea9514bff69

  • SHA1

    4ea9cf1c7703e3f0ed5a7be291dc27b44230d771

  • SHA256

    7b384d4cad84fa53ded2466e2600f2658b85f66d7155cf4895d1f81810c82ca5

  • SHA512

    2f7146db39f13edd8ff10aebaa554366fcf33754521b25d29e354bfb4e29f9f2b22438a847f3c52b736791237191214e718bd8b361dcd6b2b8ccecdcebdd2391

  • SSDEEP

    98304:y81XfekfvDqec/kf3MuR38VDRkB00XWz+pGi:y8ZWQOLsf52V1k+0I

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67_03_635_PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\67_03_635_PDF.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3400-132-0x0000000000FB0000-0x00000000012BC000-memory.dmp

    Filesize

    3.0MB

    Download