Overview

overview

10

Static

static

1

yEkCN.exe

windows7-x64

10

yEkCN.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    84s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2023, 12:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yEkCN.exe

  • Size

    1.3MB

  • MD5

    a02708781104660c2565fc98568c0a9d

  • SHA1

    1ed8a590b5e9059bd3f3f31dd92b2bea74344e1e

  • SHA256

    98b4e4b762a58fa6f209225a2a6a4f426e9be840f455969be7f44db90e8843b4

  • SHA512

    f44aa71f6edecd2444e4817d1c2e5c1b40cd0b1708b225bfb7d10a67773cdeafd52a4076ba7c6d593095a6cf4b1619c97a7a90114bf8431a57d637925b375a27

  • SSDEEP

    12288:2SiimZ8UtWShbopAJkP3HMFWXistbv9CMNDC70dDLgU1jztYPR1tnMSqvqVHXkbL:24XAuMsS6v9C4DCYxt5K/FMGJ86G

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\yEkCN.exe
    "C:\Users\Admin\AppData\Local\Temp\yEkCN.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:800
    • C:\Users\Admin\AppData\Local\Temp\yEkCN.exe
      "C:\Users\Admin\AppData\Local\Temp\yEkCN.exe"
      2⤵
        PID:3704
      • C:\Users\Admin\AppData\Local\Temp\yEkCN.exe
        "C:\Users\Admin\AppData\Local\Temp\yEkCN.exe"
        2⤵
          PID:4152
        • C:\Users\Admin\AppData\Local\Temp\yEkCN.exe
          "C:\Users\Admin\AppData\Local\Temp\yEkCN.exe"
          2⤵
            PID:4244
          • C:\Users\Admin\AppData\Local\Temp\yEkCN.exe
            "C:\Users\Admin\AppData\Local\Temp\yEkCN.exe"
            2⤵
              PID:2044
            • C:\Users\Admin\AppData\Local\Temp\yEkCN.exe
              "C:\Users\Admin\AppData\Local\Temp\yEkCN.exe"
              2⤵
                PID:1288

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/800-133-0x0000000000D10000-0x0000000000E5C000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/800-134-0x0000000008280000-0x0000000008824000-memory.dmp

              Filesize

              5.6MB

              Download

            • memory/800-135-0x0000000007D70000-0x0000000007E02000-memory.dmp

              Filesize

              584KB

              Download

            • memory/800-136-0x0000000007CF0000-0x0000000007CFA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/800-137-0x0000000007FA0000-0x0000000007FB0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/800-138-0x0000000007FA0000-0x0000000007FB0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/800-139-0x0000000005E70000-0x0000000005F0C000-memory.dmp

              Filesize

              624KB

              Download