Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17/01/2023, 10:35

General

  • Target

    1060/364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe

  • Size

    1.1MB

  • MD5

    e02aebe02cc62bd5646b4aa5edf81bfe

  • SHA1

    290862deb1558c162725b2ef54e00491dbcf26ff

  • SHA256

    364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba

  • SHA512

    37dea18852bfaf65e4b29ce4e060b49a5ccee2fbaaaf8866e028e4d0aff65dc36d2452778fa455804515b23759aeb5bbe798187f468298d1e117a27a38c22415

  • SSDEEP

    24576:4/W2+w7fZm2JSUpB+I/gmwqLY9HK9UnXW3ar9zd2R:4/W2+SfW061m

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1060\364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe
    "C:\Users\Admin\AppData\Local\Temp\1060\364fb9545112672897e074456abf73a6031b313b2939d8eecec0813a5f096dba.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2008

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/2008-132-0x0000000000840000-0x000000000088A000-memory.dmp

          Filesize

          296KB

        • memory/2008-133-0x0000000005800000-0x0000000005DA4000-memory.dmp

          Filesize

          5.6MB

        • memory/2008-134-0x0000000005DB0000-0x0000000005E4C000-memory.dmp

          Filesize

          624KB

        • memory/2008-135-0x0000000005E50000-0x0000000005EE2000-memory.dmp

          Filesize

          584KB

        • memory/2008-136-0x0000000005770000-0x000000000577A000-memory.dmp

          Filesize

          40KB