Overview

overview

8

Static

static

d0ee3320e7...64.exe

windows7-x64

d0ee3320e7...64.exe

windows10-2004-x64

Analysis

  • max time kernel
    1s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 23:22

Sharing

Copy URL Twitter E-mail

Errors

Reason
Reading agent response: read tcp 10.127.0.1:35700->10.127.0.16:8000: read: connection reset by peer
Report Analysis Logs

General

  • Target

    d0ee3320e72e3e710d83884e514fb24b2246369d6f4846c8c9910b253c55ca64.exe

  • Size

    84KB

  • MD5

    dc8923a3b7ba1a6192fc8bdf71573992

  • SHA1

    fd6cd25577eb1f961beb6c256461c6b34acce4e5

  • SHA256

    d0ee3320e72e3e710d83884e514fb24b2246369d6f4846c8c9910b253c55ca64

  • SHA512

    e5cc013002448e6eb743fde79cb7d95c77bbd9ca4bb354295e7285b67c81339c1df758cfed0d4c33f19bffd494c89ffccddd73d0425d2f73578bf1e6ca892c18

  • SSDEEP

    1536:OtMB0SLN2DrXA5JQmbMN5tCjFOXKdkLm4XPsyGE924UK7p8XR3VZV7oWoht5SvF2:82FJ2I5ZoRYFOXHqhyGE/UZTZ6T5I9Le

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0ee3320e72e3e710d83884e514fb24b2246369d6f4846c8c9910b253c55ca64.exe
    "C:\Users\Admin\AppData\Local\Temp\d0ee3320e72e3e710d83884e514fb24b2246369d6f4846c8c9910b253c55ca64.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1204
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2044

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1204-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1204-55-0x0000000001000000-0x0000000001016000-memory.dmp

            Filesize

            88KB

            Download

          • memory/1204-57-0x0000000001000000-0x0000000001016000-memory.dmp

            Filesize

            88KB

            Download

          • memory/2044-56-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

            Filesize

            8KB

            Download