Overview

overview

3

Static

static

fakeobs.zip

windows7-x64

1

fakeobs/7z...64.exe

windows7-x64

1

fakeobs/fake-obs.rar

windows7-x64

3

Analysis

  • max time kernel
    107s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2023 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fakeobs.zip

  • Size

    16.0MB

  • MD5

    da1af987870ba11bf533bed1bf4be654

  • SHA1

    88a4248dade145323970837304f6ecc5111e7068

  • SHA256

    36aa6c6330a5b1b75eebc2c94c548a4810df78ee0662fc98209e8a2d7a512b87

  • SHA512

    e0778ec558ef22eabe26bcf39121d1885713d52e79b072f2d4a2b3db4a75855c7dd28e7f2bc15c5d4b959ce5ac5f4ee21b25165945b667ef4cdaf65a14ed68f6

  • SSDEEP

    393216:V4Zg9LOVy0xyMrsFLyUrklk9Vg+wCmBjWdrgG6KtI9Iabrqar:Z9Lz4rOLHr+t+wCAAgGjtI9fbOw

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\fakeobs.zip
    1⤵
      PID:656
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2036
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x528
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2012

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2036-54-0x000007FEFB6B1000-0x000007FEFB6B3000-memory.dmp

        Filesize

        8KB

        Download