Resubmissions

22/03/2023, 07:15 UTC

230322-h3gh3ahd4v 1

22/03/2023, 05:29 UTC

230322-f6pyhaha3t 1

Analysis

  • max time kernel
    57s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/03/2023, 07:15 UTC

General

  • Target

    KMSEmulator.zip

  • Size

    73KB

  • MD5

    c5cbac9fc0f4d04c3cd49e64157f61b0

  • SHA1

    07b272a539f0686374a426b3eef334bac8091056

  • SHA256

    4cec086a251f22b78e26d0c5eeaf31babff881a3f7565975bf22376f30338366

  • SHA512

    afa60c44bb1a7cf1396fc9a26f52d80a9e5189e92ba830855c19e9998dc8b226033ee2369503f7d8fa78a71885aec1d0cb57bd66288bbd3021f88432017b203e

  • SSDEEP

    1536:NBn6wrL5wsX/Jd3TqAbsOBPeZ4hkva083cvrTwX05zBQllR/2hbkLKSh:+wP5wYzd4OI48l834rskFBOlt

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\KMSEmulator.zip
    PID:1696
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID:272
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x51c
    Suspicious use of AdjustPrivilegeToken
    PID:1816

Network

MITRE ATT&CK Matrix
