Analysis
max time kernel: 141s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230221-en locale:en-us os:windows10-2004-x64 system
submitted: 25-02-2023 19:02
Behavioral task: behavioral1
Sample: 60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe
Resource: win10v2004-20230221-en
General
Target: 60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe
Size: 434KB
MD5: 3cfc6093142bee0e505c8bfd90cef5de
SHA1: 3e5868750304db8c4a7a5b883406d97bc4d443d3
SHA256: 60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3
SHA512: bf1f49b52629dd77e1302ba17638fa0119e823bac5e8da46424c7d41a6eb9199e28da6cfda6719b51cb9d12ee886be68b270fcf3979bff1a2d62e852c704c365
SSDEEP: 6144:MupiU0upGSmSNS+n1quiICcuD6ZvMGp+HbGjU14KLLQSSI8SgTkxsVe8p:MupjBS+nMu7ED6ZMtbe9u5LIgS
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description: Token: SeDebugPrivilege | pid: 2788 | process: 60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
pid: 2788 | process: 60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe
pid: 2788 | process: 60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\60ed90e27c121a5195e564c5b727b859beac2d917bc4a3b4f6ad106fe3b48fa3.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- memory/2788-134-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-135-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-133-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-136-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-137-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-138-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-139-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-140-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-141-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-142-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-143-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-145-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-146-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-147-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-148-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)
- memory/2788-149-0x0000000000400000-0x000000000052E000-memory.dmp (Filesize: 1.2MB)