6150103d7e7d41af7f721e6623364abee19cf36ab27adcf9a081c22a3f24baca

Analysis

max time kernel
27s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2023 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ReksFN_launcher.exe
Size

11.0MB
MD5

8e3988bdb5dba0a76ea03743d6f7271b
SHA1

6c72238a63e1bfb3968ac5f8184c9cbd36646de0
SHA256

6150103d7e7d41af7f721e6623364abee19cf36ab27adcf9a081c22a3f24baca
SHA512

a48bdea9757d0d21d7990e55951f89fe35ed1ff02c6e911936506f3f985f45872fd84adc55f971817d3335263e4d3d129b41dadf1f5dcdf20c3e842fa276b481
SSDEEP

196608:kSuOXPzRC8Aiga3IvJwIvKyRCD3gUulSXPvtDEf7YND3ldDkufm:HTFCdTvKR3gUuEX3uYNlpfm

Score

1^/10

Malware Config

Signatures

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Colors	ReksFN_launcher.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4800	ReksFN_launcher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4800	ReksFN_launcher.exe

C:\Users\Admin\AppData\Local\Temp\ReksFN_launcher.exe
"C:\Users\Admin\AppData\Local\Temp\ReksFN_launcher.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4800-132-0x0000000000BB0000-0x00000000016B2000-memory.dmp

Filesize
11.0MB

Download
memory/4800-133-0x000000000F6A0000-0x000000000F6C6000-memory.dmp

Filesize
152KB

Download
memory/4800-134-0x000000000F640000-0x000000000F648000-memory.dmp

Filesize
32KB

Download
memory/4800-135-0x000000000F670000-0x000000000F67A000-memory.dmp

Filesize
40KB

Download
memory/4800-136-0x00000000106A0000-0x0000000010CC8000-memory.dmp

Filesize
6.2MB

Download
memory/4800-137-0x0000000010620000-0x0000000010642000-memory.dmp

Filesize
136KB

Download
memory/4800-138-0x00000000080E0000-0x000000000819A000-memory.dmp

Filesize
744KB

Download
memory/4800-139-0x0000000009630000-0x000000000964A000-memory.dmp

Filesize
104KB

Download
memory/4800-140-0x0000000009690000-0x00000000096C6000-memory.dmp

Filesize
216KB

Download
memory/4800-141-0x0000000010ED0000-0x000000001154A000-memory.dmp

Filesize
6.5MB

Download
memory/4800-142-0x0000000009770000-0x0000000009806000-memory.dmp

Filesize
600KB

Download
memory/4800-143-0x0000000009700000-0x0000000009722000-memory.dmp

Filesize
136KB

Download
memory/4800-144-0x0000000009880000-0x00000000098E6000-memory.dmp

Filesize
408KB

Download
memory/4800-145-0x0000000011550000-0x0000000011AF4000-memory.dmp

Filesize
5.6MB

Download
memory/4800-146-0x0000000009830000-0x000000000984E000-memory.dmp

Filesize
120KB

Download
memory/4800-147-0x0000000009940000-0x000000000998A000-memory.dmp

Filesize
296KB

Download
memory/4800-148-0x000000000A110000-0x000000000A176000-memory.dmp

Filesize
408KB

Download
memory/4800-149-0x0000000012840000-0x0000000012D6C000-memory.dmp

Filesize
5.2MB

Download
memory/4800-150-0x0000000016A40000-0x0000000016A48000-memory.dmp

Filesize
32KB

Download
memory/4800-151-0x0000000012650000-0x0000000012688000-memory.dmp

Filesize
224KB

Download
memory/4800-152-0x0000000012620000-0x000000001262E000-memory.dmp

Filesize
56KB

Download