Overview

overview

10

Static

static

3

k2942044.exe

windows7-x64

10

k2942044.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/05/2023, 15:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    k2942044.exe

  • Size

    184KB

  • MD5

    0b77769e5cbeb1c7d460322c9cd68467

  • SHA1

    9a877fd27efd0ae246a86e00c6bbba45bcc2eb8a

  • SHA256

    6caeba5b3bf9f78d0e3dd6dcb628df9988e406212f5671b185224102b870ecc7

  • SHA512

    e201b84a9ae5de5af8be6e9edb90cf22c98b0e0698593f245d9e3d56b827d9de0af25d16eb80e619efd60f935812dddbe85afe08bfb70c85fb51043f97fa9ec6

  • SSDEEP

    3072:zDKW1LgppLRHMY0TBfJvjcTp5XFhro49dWbD0GbvTFJ3l+h:zDKW1Lgbdl0TBBvjc/Fe0dWvLH3

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\k2942044.exe
    "C:\Users\Admin\AppData\Local\Temp\k2942044.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4644

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4644-133-0x0000000004B60000-0x0000000005104000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4644-134-0x0000000004B50000-0x0000000004B60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4644-135-0x0000000004B50000-0x0000000004B60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4644-136-0x0000000004B50000-0x0000000004B60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4644-137-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-138-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-140-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-142-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-144-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-146-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-148-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-150-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-152-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-154-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-156-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-158-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-160-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-162-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-164-0x0000000004AA0000-0x0000000004AB6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4644-165-0x0000000004B50000-0x0000000004B60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4644-166-0x0000000004B50000-0x0000000004B60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4644-167-0x0000000004B50000-0x0000000004B60000-memory.dmp

          Filesize

          64KB

          Download