Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2023, 19:36

General

  • Target

    xaKdKZI3e9WD.exe

  • Size

    32KB

  • MD5

    e37c35d72029ee64e9b86adc6dfb53f6

  • SHA1

    96c572d1c7813e821bcac26460a4b8777c4e7cf6

  • SHA256

    e936c50b852c04e153e12893717f7ef6e059dbce99fe615243d1109c5cd1de66

  • SHA512

    ba4884d732546668d1bd3d0f0b7372e4561063e3243eb7f1421962d43983e5704e9ebcf722403b0ae3fa6224500a7253c576f2064c6e2fb9aadc8e85e38f739a

  • SSDEEP

    384:00bUe5XB4e0XGODB4GepWTvtTUFQqz97ObbbF:RT9BuVmDulbZ

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe
    "C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:844
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe"
      2⤵
        PID:2852

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/844-54-0x0000000074B50000-0x00000000750FB000-memory.dmp

      Filesize

      5.7MB

    • memory/844-56-0x0000000002000000-0x0000000002040000-memory.dmp

      Filesize

      256KB

    • memory/844-55-0x0000000074B50000-0x00000000750FB000-memory.dmp

      Filesize

      5.7MB

    • memory/844-57-0x0000000074B50000-0x00000000750FB000-memory.dmp

      Filesize

      5.7MB

    • memory/844-58-0x0000000074B50000-0x00000000750FB000-memory.dmp

      Filesize

      5.7MB

    • memory/844-59-0x0000000002000000-0x0000000002040000-memory.dmp

      Filesize

      256KB

    • memory/844-60-0x0000000074B50000-0x00000000750FB000-memory.dmp

      Filesize

      5.7MB