Overview

overview

6

Static

static

3

winprofile

windows7-x64

6

winprofile

windows10-1703-x64

6

Resubmissions

04/08/2023, 04:13

230804-es4n3aae3y 6

04/08/2023, 03:41

230804-d8rh1aad4t 6

Analysis

  • max time kernel
    121s
  • max time network
    256s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/08/2023, 03:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7bef89cc8e6289effc89b9e45d621cd95793a58ce4b175bbdc90fc51ac68b912.exe

  • Size

    181.7MB

  • MD5

    50132b4d46daa06051dedb7b9612bdf9

  • SHA1

    d273c08acb8719116869da05ab1967429be83805

  • SHA256

    7bef89cc8e6289effc89b9e45d621cd95793a58ce4b175bbdc90fc51ac68b912

  • SHA512

    ecfb1629329ee1825f8e6a9131f9dd4e28aa97d08b56a8a919e4c63f4ac8af85adb6b6dc8f68fb924f73ba013726dde999a4c7c9d571d6102cc1e3a01109da3b

  • SSDEEP

    3145728:85FiQ9FiQ9FiQ9FiQ9FiQ9FiQ9FiQ9FiQ9FiQ9FiQ9FiQC:8mQyQyQyQyQyQyQyQyQyQyQC

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bef89cc8e6289effc89b9e45d621cd95793a58ce4b175bbdc90fc51ac68b912.exe
    "C:\Users\Admin\AppData\Local\Temp\7bef89cc8e6289effc89b9e45d621cd95793a58ce4b175bbdc90fc51ac68b912.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:4464

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4464-120-0x0000000000F40000-0x0000000001080000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4464-121-0x0000000073090000-0x000000007377E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/4464-122-0x0000000005930000-0x0000000005940000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4464-123-0x0000000003390000-0x0000000003391000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4464-124-0x0000000005F20000-0x000000000641E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/4464-125-0x0000000005AC0000-0x0000000005B52000-memory.dmp

          Filesize

          584KB

          Download

        • memory/4464-126-0x0000000073090000-0x000000007377E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/4464-127-0x0000000005930000-0x0000000005940000-memory.dmp

          Filesize

          64KB

          Download