Analysis

  • max time kernel
    1s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-12-2022 10:23

Errors

Reason
Reading agent response: read tcp 10.127.0.1:52802->10.127.0.25:8000: read: connection reset by peer

General

  • Target

    a2f25ae138e96bb9821959847371a613e6ca378e2314000cdffd4b98d7e6aa52.exe

  • Size

    80KB

  • MD5

    c04ef8bc00d27ef1a00c76bc87f31b63

  • SHA1

    5ddae4e0300daafe71c6116653a972d2b390344c

  • SHA256

    a2f25ae138e96bb9821959847371a613e6ca378e2314000cdffd4b98d7e6aa52

  • SHA512

    513d7c00be30d1503f881a4449abe62e20bb9a26281437ec68d6536ff862c0efb1f1fe992b871ba2de95da6af97ceb1321e44841cea4285f59f3ff2b40e47b6a

  • SSDEEP

    1536:B4OslC5xUp7A9DbPT5ZmfM5QOjAp8SxwfKtap4d+bakPMb7o5JlIp:/8C5qmND9c05QOjAp8SxGK+bx0b7o5Jo

Score
8/10

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2f25ae138e96bb9821959847371a613e6ca378e2314000cdffd4b98d7e6aa52.exe
    "C:\Users\Admin\AppData\Local\Temp\a2f25ae138e96bb9821959847371a613e6ca378e2314000cdffd4b98d7e6aa52.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:812
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:2032

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/812-54-0x0000000075131000-0x0000000075133000-memory.dmp

    Filesize

    8KB

  • memory/812-55-0x0000000001000000-0x0000000001016000-memory.dmp

    Filesize

    88KB

  • memory/812-57-0x0000000001000000-0x0000000001016000-memory.dmp

    Filesize

    88KB

  • memory/2032-56-0x000007FEFB6B1000-0x000007FEFB6B3000-memory.dmp

    Filesize

    8KB