Analysis

  • max time kernel
    14s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/09/2023, 19:40

General

  • Target

    R3nzSkin_Injector.exe

  • Size

    268KB

  • MD5

    af45520e94bbffb12e88247712bf07e3

  • SHA1

    05d180b9ef4f95d80b0c6a4ec71a2164ddf84eeb

  • SHA256

    3d7217cead588bb786f4101f2f612377f8fb480e2f4f65765f8004f9f46ee550

  • SHA512

    42b9fd02a042ece73174b7c46d82b1b51e076eaf6ce9fb96baae233c75ea3257ceafa2ced69e35610ad56db17dcd99ee04894a5c2d7ab3b7a9d7b52f6bd1d620

  • SSDEEP

    6144:FU64RzDQlu/oCes/N+mscsVTcA/Yxo7fGQZy9gAsm3oAEdsG/2x6kzsGY/A4Sr+F:GBQBmrsVTcA/YxofGQZy9gAsm3oAEdsa

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\R3nzSkin_Injector.exe
    "C:\Users\Admin\AppData\Local\Temp\R3nzSkin_Injector.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:856

Network

MITRE ATT&CK Matrix

Downloads

  • memory/856-0-0x00007FF66EBE0000-0x00007FF66EC2A000-memory.dmp

    Filesize

    296KB

  • memory/856-1-0x00007FFFC3600000-0x00007FFFC40C1000-memory.dmp

    Filesize

    10.8MB

  • memory/856-2-0x00000214FC7A0000-0x00000214FC7AA000-memory.dmp

    Filesize

    40KB

  • memory/856-3-0x00000214FC740000-0x00000214FC750000-memory.dmp

    Filesize

    64KB

  • memory/856-5-0x00007FFFC3600000-0x00007FFFC40C1000-memory.dmp

    Filesize

    10.8MB