Overview

overview

10

Static

static

65e509ba0e...9772bf

windows7-x64

1

65e509ba0e...9772bf

windows10-2004-x64

10

Analysis

  • max time kernel
    123s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2022 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf

  • Size

    2.7MB

  • MD5

    2a52de53972a801102ebf18f68a152f5

  • SHA1

    335d037805e52deb3b604cb0838c4f8bf6f67fec

  • SHA256

    65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf

  • SHA512

    862e4d9eb09c59bd661dee3fe6914b1e7b88c1a99f353da6c3de310a9d1abf2c09d71ef12f375ce7e3a155909454d1d7ae7afedb1318746e443b188e71c67c8d

  • SSDEEP

    24576:+wkH3QY3UZp/g+/GomPS0AuYOW+EzI7L/Cge89x0Jh23NFEi:+5AMUHsJAuYOWnzGi89mJh2dFEi

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf
    1⤵
      PID:980
    • C:\Windows\system32\verclsid.exe
      "C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
      1⤵
        PID:1348
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf\" -spe -an -ai#7zMap11079:208:7zEvent18263
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1876
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x580
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1400
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap8915:208:7zEvent749
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:988

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1348-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp
        Filesize

        8KB

        Download