Overview

overview

1

Static

static

1

logon.exe

windows7-x64

1

logon.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    83s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20/03/2023, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    logon.exe

  • Size

    408KB

  • MD5

    5b64620d1d135fdff59e4e02f3c4b709

  • SHA1

    1d11a59f401f589473670c394ef715ee5ac96c91

  • SHA256

    db35f7e2815e272dfac9624c0f41f0a0f6d634b0735615b11387ac9bc8be5064

  • SHA512

    050a7bdefc66bdf2bab4c6f144d25a20a2fd0ab7aef70c1612db08c43edb5cde5ffc33f83a6d80cd02bc95517577fdf8e3add9f9074e5103736c90d8fa1ef053

  • SSDEEP

    6144:V3xQgqQ6obq2vSc9m3KJvcCZew4j9U8YYFAmgt/pUXLR3x2X+RoULBbcu:rQgLJFqc9mv9NYcAmgMXloyoULH

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\logon.exe
    "C:\Users\Admin\AppData\Local\Temp\logon.exe"
    1⤵
      PID:1232
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1336
      • C:\Windows\system32\netsh.exe
        netsh lan
        2⤵
          PID:2000
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x498
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:336

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\.logon\login.log
        Filesize

        432B

        MD5

        875804270d3d80d636277403a1e3d017

        SHA1

        d7635083a4d16b8cc2f792bb9330e3d15d383b9e

        SHA256

        f2cb1db63dea3be9a2a64e47bd03845bd0c7cd625a6ca2786915f4a59cce5d62

        SHA512

        efbd0f1832876ea1010fe9e93676c78c39c03d8e775dfcb6bcc5af646ab9a89e84032b8e4fd69d2730742a4f0ea29389b029a8958a0a3c5d90f202db863d90c6

        Download Submit

      • C:\Users\Admin\AppData\Roaming\.logon\login.log
        Filesize

        1KB

        MD5

        6eb48473d9afedbfd176782d30827c81

        SHA1

        3581337272eddd239a292ca69520db5190a69f04

        SHA256

        dae73d312ef530a4b609b51bfe4c4a49574676c9e6f52bc849b6b81dda711adf

        SHA512

        b466fa03a7c1c221a6f14840d0e5dea15e5f5b09275d402eb7e30f97faf58afbd565ba6b561764edd6b29bb0f5b7636caebeab45696992914adad0dfbe649c10

        Download Submit