Analysis

  • max time kernel
    60s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/06/2023, 15:16

General

  • Target

    tmp.exe

  • Size

    263KB

  • MD5

    29e8a3f26d102eb5c37dd7598f3e3bbf

  • SHA1

    1ebf17b6699baaaef525d5bcfb6d78c9cea25aad

  • SHA256

    a33d222f6285ac860557eca99adaaced1933018f8301f410ab3a84b2362c532e

  • SHA512

    f75d1f21c29579ba7067005b13f521364c6f071fe28523e520ee5ef9d6b3dc98d8d84a01f28e486e985627e23a1a4d1c39472f87fb7c3975d3b8cc50402588c4

  • SSDEEP

    3072:y46fAbJkIqxquj2L+vfjmCJ7//4coWaRqp5HXrIwlqRys3DILgRQXM/+N:yCuVxqakc/J7/FpaR2XrGys3Ag

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4456

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bes.ini

    Filesize

    24B

    MD5

    0d152f75039053b0e0dbc8b49339f860

    SHA1

    32bc158b35e50b1f32892519a6b84b818fc5d2b1

    SHA256

    1f11472afd14ea50e5d6eb7796f3390d25e8dd2d7e15b546f058fa83810468c2

    SHA512

    9efec609c02211c40155378065311a61c65848c33d912229a26b3c4a810355ed7f2d06d126f868b2fd0cb9bdbad142cbb1cb92673042a6d2b6e9bc54fb79d46b