Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/09/2023, 16:05

General

  • Target

    x5rcnYdSS63I.exe

  • Size

    32KB

  • MD5

    7377cd7083dd08f6c896069b6e235525

  • SHA1

    3dd5b7405fdc95686a8aaf1fbb60b37f9f6482c0

  • SHA256

    37a9de85c77b7c0bcf5e7147ec294a3bb9158aff6a5b2aca6e98b11d33c4ae75

  • SHA512

    b14fa6d7dfdfc5645d65dab251a144196e2f929db756d27e344a7e4c7d40efc03f83dd8a3350d4d11d0debabb15c922a07e06d42958df4f6c5115de6bf1d6065

  • SSDEEP

    384:f0bUe5XB4e0XfOZeANuiEO0YaBWTatTUFQqzFSObb8:UT9Bu2IguiEYqgb8

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe
    "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"
      2⤵
      PID:2088

Network

MITRE ATT&CK Matrix

Downloads

  • memory/868-0-0x00000000746E0000-0x0000000074C8B000-memory.dmp (Filesize: 5.7MB)
  • memory/868-1-0x00000000746E0000-0x0000000074C8B000-memory.dmp (Filesize: 5.7MB)
  • memory/868-2-0x0000000000B70000-0x0000000000BB0000-memory.dmp (Filesize: 256KB)
  • memory/868-3-0x00000000746E0000-0x0000000074C8B000-memory.dmp (Filesize: 5.7MB)
  • memory/868-4-0x00000000746E0000-0x0000000074C8B000-memory.dmp (Filesize: 5.7MB)
  • memory/868-5-0x0000000000B70000-0x0000000000BB0000-memory.dmp (Filesize: 256KB)
  • memory/868-6-0x0000000000B70000-0x0000000000BB0000-memory.dmp (Filesize: 256KB)
  • memory/868-7-0x00000000746E0000-0x0000000074C8B000-memory.dmp (Filesize: 5.7MB)