Overview

overview

6

Static

static

3

Update_obf.exe

windows7-x64

6

Update_obf.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    1800s
  • max time network
    1803s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2023 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Update_obf.exe

  • Size

    27KB

  • MD5

    654177c45d80f2ae35345a8b787edf38

  • SHA1

    f6a1a028186982e955e73f1968e05387d87368f3

  • SHA256

    c110b4c3f2aaccadee51d7a2a5f5e732204f404148b444aae65a1056d8603872

  • SHA512

    148be201ac783493abd7cdba2fec0f6aa595a7b53dced8b6618ec59c7306a8938bcd4e73ede61d1e2de89a18030ddb10d13d8cea8d4fa6866662b2ad1f9f68ce

  • SSDEEP

    768:BkaeKNZRNmxSDdPgugPDv56zsFcYEKFGlyYdXa4P7ng0:Bk2ZRNm2gHl6JUY04P7nd

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Update_obf.exe
    "C:\Users\Admin\AppData\Local\Temp\Update_obf.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:2044

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-54-0x0000000001180000-0x000000000118E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2044-55-0x0000000000B30000-0x0000000000B70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2044-56-0x0000000000B30000-0x0000000000B70000-memory.dmp

    Filesize

    256KB

    Download