Overview

overview

7

Static

static

1

WinTroyBuilder.exe

windows7-x64

7

WinTroyBuilder.exe

windows10-2004-x64

1

Resubmissions

08-02-2023 04:17

230208-ewg98shb88 1

08-02-2023 04:10

230208-ervprsge81 7

02-02-2023 17:55

230202-whhsaagf32 10

Analysis

  • max time kernel
    106s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-02-2023 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinTroyBuilder.exe

  • Size

    2.8MB

  • MD5

    3d46955ab2275455a983c1c327835366

  • SHA1

    c18655daaaa564c2f4f2932f561f885cb1aff36b

  • SHA256

    9bf03a8f81f0c51e9f1a9cd6016ecccf7443c1559e4e4b44547b8a13521b152a

  • SHA512

    8d28dbc134d78b3ae21bf125a1eab81e6c9ab7d57c5148b3e0ac10dd40b76fe24b6846131f0224fb13d84cb0fe16f8d88cc5c97c5bbea5ec9e00960205c04332

  • SSDEEP

    49152:fOPSa4ZImzdAxZmKLEb+T+VY07d7AidLAbbtwSjugkKNJxeWsoDjLX:fraitzdAfBEa0AiLAbbO0ugk8V

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinTroyBuilder.exe
    "C:\Users\Admin\AppData\Local\Temp\WinTroyBuilder.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/532-132-0x000001DBEE380000-0x000001DBEE654000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/532-133-0x00007FFA31BE0000-0x00007FFA326A1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/532-134-0x00007FFA31BE0000-0x00007FFA326A1000-memory.dmp

    Filesize

    10.8MB

    Download