Analysis

  • max time kernel
    138s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/01/2023, 10:35

General

  • Target

    1060/d71d4f7a18e93069f0ad7c6631f49e122710fd4c66e4e91aa8c7c03dd4bc0d2a.exe

  • Size

    13KB

  • MD5

    002ece8b4fed339417ec90651c2ffd97

  • SHA1

    5aeaffaa1e85c990b9a9949fa116e3f5fd32be7c

  • SHA256

    d71d4f7a18e93069f0ad7c6631f49e122710fd4c66e4e91aa8c7c03dd4bc0d2a

  • SHA512

    81c909c6dd349498bed3c1dba045741a280486ad5d6f643dbab0bb2693fe0f9f59932a1979d79083757a72032665c905875cd3ef0485e0e5a9cdbf9ecb619d5f

  • SSDEEP

    192:g0A8xD9so8ZJtRgNJP/fCT6JI3a/95yNSSo0PKG22N6Zx2BpyYjkZ:gpaRso8Z/RgNpnCWJmaeNDkGrmcI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1060\d71d4f7a18e93069f0ad7c6631f49e122710fd4c66e4e91aa8c7c03dd4bc0d2a.exe
    "C:\Users\Admin\AppData\Local\Temp\1060\d71d4f7a18e93069f0ad7c6631f49e122710fd4c66e4e91aa8c7c03dd4bc0d2a.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5008

Network

        MITRE ATT&CK Matrix

        Downloads
