Analysis
-
max time kernel
188s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
05/12/2022, 05:36
General
-
Target
a743f22dfc0677a7e772e9aea1614319fd6d0909ecbc259ba95068d731484df3.exe
-
Size
180KB
-
MD5
f4b104afd42a910ca2ae2b6a573f69ee
-
SHA1
1ba774cd9a50ac41b7d21eb37a910a15efa035ea
-
SHA256
a743f22dfc0677a7e772e9aea1614319fd6d0909ecbc259ba95068d731484df3
-
SHA512
e71bc432e2dd4b4de79b971b4fe6af3f05dc16c7c7c594fac8b31c656ab780136495bedc405117623f3e40ce0327d5cccae12a28016e4ad2c9a7eca072b687bb
-
SSDEEP
3072:sqGpfKTFN5/E/9L8jYmWaz1huMXj28iJ844YiFxEgiqdpT6qdvseGrzS3VztV5zp:sbfKThclQs/apkMT28ZVtdpdseDFx6L8
Score
8/10
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
Unexpected DNS network traffic destination 8 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\a743f22dfc0677a7e772e9aea1614319fd6d0909ecbc259ba95068d731484df3.exe"C:\Users\Admin\AppData\Local\Temp\a743f22dfc0677a7e772e9aea1614319fd6d0909ecbc259ba95068d731484df3.exe"2⤵
- Registers COM server for autorun
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
-
Filesize
236KB
-
Filesize
140KB
-
Filesize
236KB
-
Filesize
140KB