Analysis

  • max time kernel
    139s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/09/2023, 16:05

General

  • Target

    x5rcnYdSS63I.exe

  • Size

    32KB

  • MD5

    7377cd7083dd08f6c896069b6e235525

  • SHA1

    3dd5b7405fdc95686a8aaf1fbb60b37f9f6482c0

  • SHA256

    37a9de85c77b7c0bcf5e7147ec294a3bb9158aff6a5b2aca6e98b11d33c4ae75

  • SHA512

    b14fa6d7dfdfc5645d65dab251a144196e2f929db756d27e344a7e4c7d40efc03f83dd8a3350d4d11d0debabb15c922a07e06d42958df4f6c5115de6bf1d6065

  • SSDEEP

    384:f0bUe5XB4e0XfOZeANuiEO0YaBWTatTUFQqzFSObb8:UT9Bu2IguiEYqgb8

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe (PID 3136, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (PID 3080, depth 2, child of PID 3136)
      Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3136-0-0x0000000074970000-0x0000000074F21000-memory.dmp (Filesize: 5.7MB)
  • memory/3136-1-0x0000000074970000-0x0000000074F21000-memory.dmp (Filesize: 5.7MB)
  • memory/3136-2-0x0000000000D80000-0x0000000000D90000-memory.dmp (Filesize: 64KB)
  • memory/3136-3-0x0000000074970000-0x0000000074F21000-memory.dmp (Filesize: 5.7MB)
  • memory/3136-4-0x0000000074970000-0x0000000074F21000-memory.dmp (Filesize: 5.7MB)
  • memory/3136-5-0x0000000000D80000-0x0000000000D90000-memory.dmp (Filesize: 64KB)
  • memory/3136-7-0x0000000074970000-0x0000000074F21000-memory.dmp (Filesize: 5.7MB)