Overview

overview

10

Static

static

10

55e070a86b...d1.exe

windows7-x64

55e070a86b...d1.exe

windows10-2004-x64

Analysis

  • max time kernel
    124s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20-12-2022 10:18

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    55e070a86b3ef2488d0e58f945f432aca494bfe65c9c4363d739649225efbbd1.exe

  • Size

    1.6MB

  • MD5

    334fd98ab462edc1274fecdb89fb0791

  • SHA1

    e3496a341c96d77c0ef9bdeec333dd98e2215527

  • SHA256

    55e070a86b3ef2488d0e58f945f432aca494bfe65c9c4363d739649225efbbd1

  • SHA512

    150ff915ace0253dded6ed6ae860bcf2f3a43295cf434ceddf61554597665a159135011694321622d40ca1df3142afb1c6bed8ed61abf244799d820068ae4961

  • SSDEEP

    24576:pBz37bSK2rgyik2VZGiOYnSadiUm6M551SaJkqFYUe3xHj96khCkyITnoXlIEvXX:px6Rvik2VUKnzhQ4IkWXUy

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55e070a86b3ef2488d0e58f945f432aca494bfe65c9c4363d739649225efbbd1.exe
    "C:\Users\Admin\AppData\Local\Temp\55e070a86b3ef2488d0e58f945f432aca494bfe65c9c4363d739649225efbbd1.exe"
    1⤵
      PID:1760
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:336
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x54c
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1460
      • C:\Windows\SysWOW64\mshta.exe
        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\GetUnprotect.hta"
        1⤵
        • Modifies Internet Explorer settings
        PID:1540
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x0
        1⤵
          PID:1008
        • C:\Windows\system32\LogonUI.exe
          "LogonUI.exe" /flags:0x1
          1⤵
            PID:1536

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/336-54-0x000007FEFB901000-0x000007FEFB903000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1540-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

            Filesize

            8KB

            Download