Analysis

  • max time kernel
    53s
  • max time network
    61s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18-05-2023 09:17

General

  • Target

    Maze.exe

  • Size

    405KB

  • MD5

    90f6964889e76843cf42c4284db3d245

  • SHA1

    3ba802e59f48b3f6dae1c237edd5d41848be10e0

  • SHA256

    5f8b29e7c8f8bfa78b685c3a572b69dffbc52c0581b7872fe2166b2860a7ba19

  • SHA512

    910cd47e05ca2c5bd573851d738942f9735536c73ac459c499bdd96c20ca3320a23584e643ac69d104154632dde2ddd786ffca05ce8e41b9ad4fc2e4f6c77bc1

  • SSDEEP

    6144:sdjiklFfy93i6eT7Wu1AbseZkGGSAldub9Q+hKw:8ikbfy93i6C71GES0E

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Maze.exe
    "C:\Users\Admin\AppData\Local\Temp\Maze.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:384

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/384-133-0x0000000000E20000-0x0000000000E88000-memory.dmp

    Filesize

    416KB

  • memory/384-134-0x000000001BBB0000-0x000000001BD72000-memory.dmp

    Filesize

    1.8MB

  • memory/384-135-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

    Filesize

    64KB

  • memory/384-136-0x000000001CFB0000-0x000000001D4D8000-memory.dmp

    Filesize

    5.2MB

  • memory/384-137-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

    Filesize

    64KB