Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-08-2023 11:33

General

  • Target
    85abef10269eddb8818c222fab6257c5f4d6c11ea2b0667b16d07b575ea2269d.exe
  • Size
    1.5MB
  • MD5
    86ade85c8da7e31c88bfa55152c6be68
  • SHA1
    421c3cf51b531668d5c2064204c5191196537632
  • SHA256
    85abef10269eddb8818c222fab6257c5f4d6c11ea2b0667b16d07b575ea2269d
  • SHA512
    fcebf2d0285b4895785e64b63d8b2a6cdc7bcba4b2073324bfd1d9a564bfbf1f8abad3e14c5fdf37930d17f0697fc68cb995f8f6bfdf42cf3d9c0c0939701951
  • SSDEEP
    24576:Lpw2lV8QzZOxtNIxFaZDRLJ2oslgZSVg:1wMV8qkmAzJ2EZ

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85abef10269eddb8818c222fab6257c5f4d6c11ea2b0667b16d07b575ea2269d.exe
    "C:\Users\Admin\AppData\Local\Temp\85abef10269eddb8818c222fab6257c5f4d6c11ea2b0667b16d07b575ea2269d.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1712

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1712-1-0x00000000003F0000-0x0000000000450000-memory.dmp
    Filesize: 384KB
  • memory/1712-0-0x0000000140000000-0x0000000140225000-memory.dmp
    Filesize: 2.1MB
  • memory/1712-7-0x00000000003F0000-0x0000000000450000-memory.dmp
    Filesize: 384KB
  • memory/1712-11-0x00000000003F0000-0x0000000000450000-memory.dmp
    Filesize: 384KB
  • memory/1712-13-0x0000000140000000-0x0000000140225000-memory.dmp
    Filesize: 2.1MB