Analysis

  • max time kernel
    23s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    17/01/2023, 10:35

General

  • Target

    1060/364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe

  • Size

    1.1MB

  • MD5

    e02aebe02cc62bd5646b4aa5edf81bfe

  • SHA1

    290862deb1558c162725b2ef54e00491dbcf26ff

  • SHA256

    364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba

  • SHA512

    37dea18852bfaf65e4b29ce4e060b49a5ccee2fbaaaf8866e028e4d0aff65dc36d2452778fa455804515b23759aeb5bbe798187f468298d1e117a27a38c22415

  • SSDEEP

    24576:4/W2+w7fZm2JSUpB+I/gmwqLY9HK9UnXW3ar9zd2R:4/W2+SfW061m

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1060\364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe
    "C:\Users\Admin\AppData\Local\Temp\1060\364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2032

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/2032-54-0x0000000001290000-0x00000000012DA000-memory.dmp

          Filesize

          296KB

        • memory/2032-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

          Filesize

          8KB

        • memory/2032-56-0x0000000000C10000-0x0000000000C5A000-memory.dmp

          Filesize

          296KB