Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230824-en -
resource tags
arch:x64 arch:x86 image:win7-20230824-en locale:en-us os:windows7-x64 system -
submitted
27-08-2023 19:22
Static task
static1
Behavioral task
behavioral1
Sample
93e7784defa1b30dcc93427bae186724.exe
Resource
win7-20230824-en
Behavioral task
behavioral2
Sample
93e7784defa1b30dcc93427bae186724.exe
Resource
win10v2004-20230703-en
General
-
Target
93e7784defa1b30dcc93427bae186724.exe
-
Size
1.3MB
-
MD5
93e7784defa1b30dcc93427bae186724
-
SHA1
eb20295f9ee17ce56965fc426c347a4fa7992fcc
-
SHA256
30e641405af2fa5bc1a705bf239a45bf8b8e42d6bf2c2692d98299d4a8ff344e
-
SHA512
abb0dde73b5c7b48335ffe7c1b42870921505b598c7e926ce0fc7e0298d0f0c3d826b8a735144003a5823c9af76ebd7a1d340988f73705910f00cdf8641ba13c
-
SSDEEP
12288:suyj5aH+AStprOKd+RyAWjOXjrWq7WWXFpdp8LxwrLqgpwZWpT6oIfo1AfBNAWUU:L+Ltbd+R2OXjrWq51pmxwrNpKWZ6D
Malware Config
Signatures
-
Drops startup file 1 IoCs
Processes:
93e7784defa1b30dcc93427bae186724.exe
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pekmez.lnk
process: 93e7784defa1b30dcc93427bae186724.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
93e7784defa1b30dcc93427bae186724.exe
description: Token: SeDebugPrivilege
pid: 868
process: 93e7784defa1b30dcc93427bae186724.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
memory/868-0-0x00000000744F0000-0x0000000074BDE000-memory.dmp
Filesize: 6.9MB
-
memory/868-1-0x0000000000FB0000-0x00000000010FC000-memory.dmp
Filesize: 1.3MB
-
memory/868-3-0x0000000005910000-0x0000000005950000-memory.dmp
Filesize: 256KB
-
memory/868-4-0x00000000744F0000-0x0000000074BDE000-memory.dmp
Filesize: 6.9MB