Overview

overview

7

Static

static

3

eaab589d25...JC.exe

windows7-x64

7

eaab589d25...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 19:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    eaab589d2541504d0c1c302f52558278_JC.exe

  • Size

    80KB

  • MD5

    eaab589d2541504d0c1c302f52558278

  • SHA1

    4b98386f8392eed2ebe9ac207a13aa1fd2350e8c

  • SHA256

    8017037d312ec7e55a9bf0856bb887133454676deded1e9db0bb79434d5a2c7f

  • SHA512

    92603098b46ce8e256daa418a08bdd57661e8b7265c6269713af9ea67689214dc0b96aac83d2de69a9fd801f8df5b794c602fbbc83ff803d3e988bfed6e4eca9

  • SSDEEP

    1536:zaWLF1kxTnUI4CFPtv6iSJnaGlbVxhop+:zaWExTnUTCFPtvanaGlbVxhoE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eaab589d2541504d0c1c302f52558278_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\eaab589d2541504d0c1c302f52558278_JC.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:216
  • C:\Windows\SysWOW64\Winkhs.exe
    C:\Windows\SysWOW64\Winkhs.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4988

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\Winkhs.exe
          Filesize

          79KB

          MD5

          266c10d20133fb0a15494cdcd90e4677

          SHA1

          0e5f5fb784860d49f13c5202f45582926ed052de

          SHA256

          142129b6fa27eb42fd3a1fe2c90a506525d639467c4bb6872b35ae5551409838

          SHA512

          848e753048aba1af873b43484ca46006f87d8f1a8ee65ee40a5a68808a4b5b762e9f9204b7fa9787654fb68fa24a4e79c828905de2d2c0f939587e7db491278c

          Download Submit

        • C:\Windows\SysWOW64\Winkhs.exe
          Filesize

          79KB

          MD5

          266c10d20133fb0a15494cdcd90e4677

          SHA1

          0e5f5fb784860d49f13c5202f45582926ed052de

          SHA256

          142129b6fa27eb42fd3a1fe2c90a506525d639467c4bb6872b35ae5551409838

          SHA512

          848e753048aba1af873b43484ca46006f87d8f1a8ee65ee40a5a68808a4b5b762e9f9204b7fa9787654fb68fa24a4e79c828905de2d2c0f939587e7db491278c

          Download Submit

        • C:\Windows\SysWOW64\Winkhs.exe
          Filesize

          79KB

          MD5

          266c10d20133fb0a15494cdcd90e4677

          SHA1

          0e5f5fb784860d49f13c5202f45582926ed052de

          SHA256

          142129b6fa27eb42fd3a1fe2c90a506525d639467c4bb6872b35ae5551409838

          SHA512

          848e753048aba1af873b43484ca46006f87d8f1a8ee65ee40a5a68808a4b5b762e9f9204b7fa9787654fb68fa24a4e79c828905de2d2c0f939587e7db491278c

          Download Submit

        • memory/216-0-0x0000000000400000-0x0000000000495000-memory.dmp

          Filesize

          596KB

          Download

        • memory/216-14-0x0000000000400000-0x0000000000495000-memory.dmp

          Filesize

          596KB

          Download

        • memory/4988-13-0x0000000000400000-0x0000000000495000-memory.dmp

          Filesize

          596KB

          Download

        • memory/4988-15-0x0000000000400000-0x0000000000495000-memory.dmp

          Filesize

          596KB

          Download