Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2023, 06:23

General

  • Target

    Kkoetzuo.exe

  • Size

    745KB

  • MD5

    d0fea0443b598ea2060e7ad1fb4c5b8e

  • SHA1

    bed77ada64b77184047eff265b75bd71f8136f41

  • SHA256

    6894f623dddd03e3be59b6785c21962cf71686a215e2db68f83f621b01afa7ef

  • SHA512

    c6e73a7ba6c713e286a45f2b34dd6eb84e0226b57045175449a4460fc622d791bd1ce781da0ffe296385decfaeb1550da2700604223a43022dd3cabc4fb9543f

  • SSDEEP

    12288:SNnRIRp4ejE8krkBs5Omc1sth2pC+Fnsga0GcxgE/2:KYJkrkY41sthGGc1/

Score
9/10

Malware Config

Signatures

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Kkoetzuo.exe
    "C:\Users\Admin\AppData\Local\Temp\Kkoetzuo.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2660

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2660-54-0x000007FEF5DF0000-0x000007FEF67DC000-memory.dmp

          Filesize

          9.9MB

        • memory/2660-55-0x0000000001000000-0x00000000010BE000-memory.dmp

          Filesize

          760KB

        • memory/2660-56-0x000000001B410000-0x000000001B490000-memory.dmp

          Filesize

          512KB

        • memory/2660-57-0x000007FEF5DF0000-0x000007FEF67DC000-memory.dmp

          Filesize

          9.9MB

        • memory/2660-58-0x000000001B410000-0x000000001B490000-memory.dmp

          Filesize

          512KB