Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/08/2023, 07:04

General

  • Target

    Refbkefruvt.exe

  • Size

    587KB

  • MD5

    a58ba28556b22b42763f7e250fb0a4ee

  • SHA1

    1736c40a3405568ea7eb99626fc6787225081eac

  • SHA256

    0ebd3bc3035a85c16d9856235d470598e247755fb4b3744c32ac6bab6c4d311f

  • SHA512

    e2061c4c2ab471f4f6d7c9af420cb821f28b640f3c8b0a20fa7d994e36c0a1996922f84cc471e26518eeba3bbe059cb861371afb5c612327be9a9706f7f0abf0

  • SSDEEP

    6144:hWsTS0AV13ha4LtgdA8ICUNV9xIm683GcS+/ccP+zwrC3vGIETPm3zBzPH:k3ltga2UNKsFSJcPu

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Refbkefruvt.exe
    "C:\Users\Admin\AppData\Local\Temp\Refbkefruvt.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2084

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/2084-54-0x0000000000820000-0x00000000008BA000-memory.dmp

          Filesize

          616KB

        • memory/2084-55-0x000007FEF6010000-0x000007FEF69FC000-memory.dmp

          Filesize

          9.9MB

        • memory/2084-56-0x000000001B140000-0x000000001B1C0000-memory.dmp

          Filesize

          512KB

        • memory/2084-57-0x000007FEF6010000-0x000007FEF69FC000-memory.dmp

          Filesize

          9.9MB

        • memory/2084-58-0x000000001B140000-0x000000001B1C0000-memory.dmp

          Filesize

          512KB