Analysis

  • max time kernel
    124s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2023 00:49

General

  • Target

    unpacme/test.exe

  • Size

    638KB

  • MD5

    bcf49744ba4944dc810f4185ab8a9d50

  • SHA1

    cf32e495575bee1e9382f7e4ac34674b9aec47b4

  • SHA256

    ad313baf55b55cd37d1d7dc6db9a8d60783b77d187430c043b1e2fcf4ae6b064

  • SHA512

    9307abb61485930e6008e930f71a6472ff2041202213edc580c6a06825d2d76519d0fa82e4250478dcfd12867ddbd9ca9e8c6fd553b0887e3fdd0e61cc7b988f

  • SSDEEP

    12288:ksqQ30A60bBykAY/qmsz1TNetLiWMVbem8LPF:ksQwz/qm4N4LLx9

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\unpacme\test.exe
    "C:\Users\Admin\AppData\Local\Temp\unpacme\test.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2644

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2644-132-0x0000000000900000-0x00000000009A6000-memory.dmp

    Filesize

    664KB

  • memory/2644-133-0x00000000059F0000-0x0000000005F94000-memory.dmp

    Filesize

    5.6MB

  • memory/2644-134-0x0000000005390000-0x0000000005422000-memory.dmp

    Filesize

    584KB

  • memory/2644-135-0x0000000005440000-0x00000000054A6000-memory.dmp

    Filesize

    408KB