Analysis
-
max time kernel
140s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
31-03-2023 05:53
General
-
Target
123.exe
-
Size
2.7MB
-
MD5
732dec385b880a8cca996aa49e009608
-
SHA1
546b512d13f2ca7e9a56c20ebcead7f1d9db4cbe
-
SHA256
de9f2f1d1927bdab4d37dcdd7b1bcfb7ef58b8b756e94dee35636002161f049d
-
SHA512
53e42ecaf680c0be1210f1e9c12d10a5063c6fa60c7551bc6b198f678ed1780b4434bc9e8564892583ecfa964569e91342d0d799b36bb4efdda971e466b3c569
-
SSDEEP
49152:NDlCNBphVPv2K7bTgfcrf/99dJaIVXI2RCWGFvMygeIwGT4kWeoN++tW3ljXhZ:NDleXTdNg70ivttmj
Score
10/10
Malware Config
Extracted
Credentials
Protocol: ftp- Host:
45.151.135.235 - Port:
21 - Username:
123 - Password:
123
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\123.exe"C:\Users\Admin\AppData\Local\Temp\123.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1716-136-0x000000001C0D0000-0x000000001C0E0000-memory.dmpFilesize
64KB
-
memory/1716-135-0x000000001C0D0000-0x000000001C0E0000-memory.dmpFilesize
64KB
-
memory/1716-141-0x000000001C0D0000-0x000000001C0E0000-memory.dmpFilesize
64KB
-
memory/1716-142-0x000000001C0D0000-0x000000001C0E0000-memory.dmpFilesize
64KB
-
memory/1716-143-0x000000001C0D0000-0x000000001C0E0000-memory.dmpFilesize
64KB