e7bf6176eb0f048d92c32f88265fb268e1fcb95c010b8ac561a830b20be0b756

Analysis

max time kernel
134s
max time network
142s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16-06-2023 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
Size

2.1MB
MD5

fbb17233217f4c478c9ce3907e8dfef2
SHA1

365df15b6950f5f1749cec380ed5bba8c6c227db
SHA256

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee
SHA512

c5c0d10e38b8e0f8615e2bc024ce862943c71a6ccfa839d64bdf2aafc6b950d7b22e7c4fbe1e55baf97c806b05a278da78d4ebb1fd9d14566bbf05dd92ca13a4
SSDEEP

24576:B/qEChjzz3F8mvKhx68xjf73b3KteFUp9HHJOApt5Xkoe/T31XQn:IECBzzGmMb6IS9JRHXkoeLlgn

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 5 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	60.205.157.48
Destination IP	60.205.157.48
Destination IP	60.205.157.48
Destination IP	60.205.157.48
Destination IP	60.205.157.48

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

pid process

912 79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

pid	process
912	79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

description	pid	process
Token: SeDebugPrivilege	912	79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
Token: SeDebugPrivilege	912	79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

C:\Users\Admin\AppData\Local\Temp\79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
"C:\Users\Admin\AppData\Local\Temp\79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/912-57-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-61-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-63-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-67-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-69-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-73-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-77-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-79-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-83-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-87-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-89-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-93-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-95-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-99-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-97-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-101-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-91-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-85-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-81-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-75-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-71-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-65-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-59-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-54-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-105-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-107-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-111-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-113-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-117-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-115-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-109-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download
memory/912-103-0x0000000000330000-0x0000000000372000-memory.dmp

Filesize
264KB

Download