Resubmissions
06-02-2023 08:40
230206-kk236acg99 1006-02-2023 08:37
230206-kjc3mscg93 1006-02-2023 07:50
230206-jpbw4acf42 10Analysis
-
max time kernel
114s -
max time network
104s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
06-02-2023 08:37
General
-
Target
008ad6f06b42fa51f990a67d08a39cae.zip
-
Size
3.3MB
-
MD5
1cefb61bc04d04ac2db1d0dc447cea1a
-
SHA1
0041a52155376c216ebe9544a3ad3197388b0355
-
SHA256
c3704d9a70d0ad5a30590190e69f4748de1e232042bfbd6d43a3ea6f573dc18c
-
SHA512
e9ab6191648c908f3636c41d805aca0b1a9947adcb8a19fac42b3d6e1351b240021d307366a5b005f8cd15164774fe3c5fd390ae26edee7e00ce431669719f89
-
SSDEEP
49152:qWP7+TTAbkk60inpejudKswewO8DphzsDL4kDPDLAkJ7jWqNle:qWwvxndKzewO8Dphzyck7TJ7jWz
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 29 IoCs
-
Suspicious use of SendNotifyMessage 29 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\008ad6f06b42fa51f990a67d08a39cae.zip1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x1bc1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/672-54-0x000007FEFC091000-0x000007FEFC093000-memory.dmpFilesize
8KB
-
memory/672-55-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB