Analysis
-
max time kernel
41s -
max time network
43s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system -
submitted
01-02-2023 12:28
Static task
static1
Behavioral task
behavioral1
Sample
a/R08iiKo0.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a/R08iiKo0.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
a/R3nzSkin.dll
Resource
win7-20220901-en
Behavioral task
behavioral4
Sample
a/R3nzSkin.dll
Resource
win10v2004-20220812-en
General
-
Target
a/R08iiKo0.exe
-
Size
141KB
-
MD5
0082e7566254b628633413da792c0f17
-
SHA1
dff81464fc47e77342e39303281cd00e6481781e
-
SHA256
859c0bab53b455eab1ad7eac3b903f51005f1070a8e02eea655617f3554d2266
-
SHA512
50d7ecae469955a93bd7ba6f22ed5263faa60f6eb4b6a4add877ae36e452d8884a8fb26267890f5118894c9400f9a510ccaa09949a0e6ebce8a528b65f34023e
-
SSDEEP
3072:MQEX2aCZcj/0mxaXvsmSp7pATEbvyQLozLaqoYD:MhKZ6/0mxaXvsmSp7pATEbvy3zLaqo
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
376 R08iiKo0.exe (the same row for all 64 IoCs: every process-enumeration hit was made by this one process) -
Suspicious behavior: RenamesItself 1 IoCs
pid Process
376 R08iiKo0.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 376 R08iiKo0.exe
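The three signatures above are derived from the API calls the sandbox saw the process make. The following is an added example (not the sandbox's own signature engine) of how such behavioural signatures are typically evaluated over an API-call trace. The trace format, the helper names and the API argument names are assumptions; the trace itself is constructed so that PID 376 and the image name match the report, with a second benign process included to show the rules do not fire on it.

```python
"""Toy behavioural signatures over a user-mode API-call trace.

Constructed example for this report; not the sandbox's own engine.
The ApiCall record layout and the argument keys are assumptions."""
import ntpath
from dataclasses import dataclass, field
from typing import Any, Callable


@dataclass(frozen=True)
class ApiCall:
    pid: int
    process: str          # image name of the calling process
    api: str              # Win32/NT API name as an API monitor would log it
    args: dict[str, Any] = field(default_factory=dict)


# Constructed trace (assumption): what a hooking monitor might record for a
# process that enables SeDebugPrivilege, walks the process list with the
# Toolhelp API, and then renames its own image. PID 376 and the image name are
# taken from the report; everything else is made up for the example.
IMG = "R08iiKo0.exe"
OWN_PATH = r"C:\Users\Admin\AppData\Local\Temp\R08iiKo0.exe"
SAMPLE_TRACE = [
    ApiCall(376, IMG, "OpenProcessToken", {"desired_access": "TOKEN_ADJUST_PRIVILEGES"}),
    ApiCall(376, IMG, "AdjustTokenPrivileges",
            {"privileges": ["SeDebugPrivilege"], "attributes": "SE_PRIVILEGE_ENABLED"}),
    ApiCall(376, IMG, "CreateToolhelp32Snapshot", {"flags": "TH32CS_SNAPPROCESS"}),
    ApiCall(376, IMG, "Process32FirstW", {"exe": "[System Process]"}),
    *[ApiCall(376, IMG, "Process32NextW", {"exe": f"proc{i}.exe"}) for i in range(63)],
    ApiCall(376, IMG, "MoveFileExW", {"src": OWN_PATH, "dst": OWN_PATH + ".bak"}),
    # A benign process adjusting an unrelated privilege must not trigger anything.
    ApiCall(4321, "benign.exe", "AdjustTokenPrivileges",
            {"privileges": ["SeShutdownPrivilege"], "attributes": "SE_PRIVILEGE_ENABLED"}),
]


def sig_adjust_privilege_token(trace: list[ApiCall]) -> list[dict]:
    """One IoC per AdjustTokenPrivileges call that tries to enable SeDebugPrivilege.
    Fires on the attempt; a real engine would also check the call's return value,
    since the privilege is only granted if it already exists in the token."""
    hits = []
    for c in trace:
        if c.api != "AdjustTokenPrivileges" or c.args.get("attributes") != "SE_PRIVILEGE_ENABLED":
            continue
        for priv in c.args.get("privileges", []):
            if priv == "SeDebugPrivilege":
                hits.append({"description": f"Token: {priv}", "pid": c.pid, "process": c.process})
    return hits


def sig_enumerates_processes(trace: list[ApiCall]) -> list[dict]:
    """One IoC per process-list read: each Toolhelp walk step, or a
    NtQuerySystemInformation(SystemProcessInformation) query."""
    def is_enum(c: ApiCall) -> bool:
        if c.api in {"Process32FirstW", "Process32NextW", "Process32First", "Process32Next"}:
            return True
        return c.api == "NtQuerySystemInformation" and c.args.get("class") == "SystemProcessInformation"
    return [{"pid": c.pid, "process": c.process} for c in trace if is_enum(c)]


def sig_renames_itself(trace: list[ApiCall]) -> list[dict]:
    """One IoC per rename whose source file name equals the caller's own image name."""
    hits = []
    for c in trace:
        if c.api not in {"MoveFileW", "MoveFileExW", "MoveFileWithProgressW"}:
            continue
        src = c.args.get("src", "")
        # ntpath handles the Windows separators even when this runs on Linux.
        if ntpath.basename(src).lower() == c.process.lower():
            hits.append({"pid": c.pid, "process": c.process, "from": src, "to": c.args.get("dst")})
    return hits


SIGNATURES: dict[str, Callable[[list[ApiCall]], list[dict]]] = {
    "Suspicious behavior: EnumeratesProcesses": sig_enumerates_processes,
    "Suspicious behavior: RenamesItself": sig_renames_itself,
    "Suspicious use of AdjustPrivilegeToken": sig_adjust_privilege_token,
}


def run_signatures(trace: list[ApiCall]) -> dict[str, list[dict]]:
    """Evaluate every signature and return its IoC list (empty list if it did not fire)."""
    return {name: fn(trace) for name, fn in SIGNATURES.items()}


def summarize(results: dict[str, list[dict]]) -> list[str]:
    """Render the hits in the same 'name N IoCs' shape the report uses."""
    return [f"{name} {len(iocs)} IoCs" for name, iocs in results.items() if iocs]


if __name__ == "__main__":
    for line in summarize(run_signatures(SAMPLE_TRACE)):
        print(line)
```

Run against the constructed trace this reproduces the report's counts (64, 1 and 1) with PID 376 on every hit, and nothing for the benign process. Two caveats worth keeping in mind when reading the signatures in the report: the EnumeratesProcesses count is a count of calls, not of distinct behaviours, so 64 hits can simply be one walk of a 64-entry process list; and SeDebugPrivilege is only obtained if the token already held it (an administrator's token does, disabled by default), so the AdjustPrivilegeToken signature records the request, not proof that it succeeded.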