662947c98f038cd5af770b35895e41c4fb257af484a1b03b88be663427f74eb4 | Triage

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15-05-2023 09:20

Sharing

Report Analysis Logs

General

Target

oppenss.exe
Size

148KB
MD5

5a122e86a8f134e42ebae8510404df3d
SHA1

a03782c1fa732ba7d829c3e5b852fcdc06a0bf5d
SHA256

7e6d0f14302662f52e4379eb5b69a3749d8597e8f61266aeda74611258972a3d
SHA512

d139f9769e915a2ec0dbba71c862dc2ffdb47386b0487f83dbe3ffe5453a48e550548c3480b9e01045777d20647fea0d3535a379f9037f8bd8522e5dee4fc02b
SSDEEP

3072:7j30Vm402mSPUnWcSblTRe4R3YLsrFekDsoPd754oieP:K8SPlcmTQy3YyJ545e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1552	oppenss.exe
1552	oppenss.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1552	oppenss.exe
Token: SeDebugPrivilege	1552	oppenss.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1552	oppenss.exe
1552	oppenss.exe

C:\Users\Admin\AppData\Local\Temp\oppenss.exe
"C:\Users\Admin\AppData\Local\Temp\oppenss.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads