Analysis
max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 10-10-2023 08:46
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: Ucaai.exe
Resource: win7-20230831-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task
behavioral2
Sample: Ucaai.exe
Resource: win10v2004-20230915-en (windows10-2004-x64)
11 signatures, 150 seconds
General
Target: Ucaai.exe
Size: 590KB
MD5: a3128c8b67fd08ae19dd966bef878cb4
SHA1: 8e636f183d7185b23f9894bad847d1ada4561252
SHA256: afea8e29447ebe85480428e2ad947457d515968694dcb5d721886ad1d5945459
SHA512: caf3e8071c53c0838514110658a36deff6f90a205b941010537a95f8650181a16ca9c1776e2593bce52cea440fa7348937ff928e28b8553bb0f00201403a8fc5
SSDEEP: 12288:4ES8ryazt80P6Etvu/2oALepFUAPU5bJb+a2HbTFDBWELTpKHf:4UJnLepFUAPU59bObTNL/YHf
Score: 6/10
Malware Config
Signatures

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
Ucaai.exe
description              pid   process
Token: SeDebugPrivilege  1288  Ucaai.exe