Overview

overview

10

Static

static

3

lz.exe

windows7-x64

1

lz.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01-09-2023 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lz.exe

  • Size

    388KB

  • MD5

    4ff84ca1c02088f313c97694244cb2a4

  • SHA1

    d2ffff7d201ac6236d3d091047f498c11bae00d6

  • SHA256

    f3126ddd86d1e048db68f22cb1de5de871282bbd5764c4c77867042c8f1aab93

  • SHA512

    0ab79b098be51c4035871e1b85bb815954a0c936fb9bc5bc598ac824e1c4e45d5f6b56f4f3e4a063c82a91ab30cb953018abc9161e3b2cfdf785d97d6a09d00b

  • SSDEEP

    12288:tCspLdeVEn/oEehNiNsF9hS2Oga+nqgU+1kkqabCtXSXNcqye9cBz:tCULoVEn/oEsA/2OgVqgU+1kkqabCtXB

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lz.exe
    "C:\Users\Admin\AppData\Local\Temp\lz.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1560-0-0x0000000000D00000-0x0000000000D68000-memory.dmp

    Filesize

    416KB

    Download

  • memory/1560-1-0x0000000074050000-0x000000007473E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1560-2-0x0000000004430000-0x0000000004470000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1560-3-0x0000000074050000-0x000000007473E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1560-4-0x0000000004430000-0x0000000004470000-memory.dmp

    Filesize

    256KB

    Download