Analysis
-
max time kernel
117s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system -
submitted
13-10-2023 13:07
Static task
static1
Behavioral task
behavioral1
Sample
666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe
Resource
win10v2004-20230915-en
General
-
Target
666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe
-
Size
1.9MB
-
MD5
162ed4da3ca8d0236b81891a381ec98e
-
SHA1
791aae13ee5e0ed51fda41f0ed872c0d07fc9e51
-
SHA256
666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc
-
SHA512
5d1c0f59dce6519ea9adf66163e495dcd16f94b21dfbfc851c6d018bed6069a56b13ce3439f5d289128dc6a0ff650a64beb1f5ab4335655c3f820f1d156436e2
-
SSDEEP
24576:WEsSEi3sf1FKkk0vOWz3AReNQ2hgArhlxaCsVb6KoTpZCFg6DTk1F2RjkjCQGNU3:W35kUz3VNVgcWCsVb6KUpZ+hDg1F2d6B
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 2644 | 666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
pid | process
2644 | 666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe
2644 | 666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe"
Depth: 1
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2644
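The two signature blocks above record only that the sample enabled SeDebugPrivilege on its own token (AdjustPrivilegeToken) and called SetWindowsHookEx twice from PID 2644; the report does not show what the process did with either. The following script is an added example, not part of the report or of the sandbox's tooling: it parses the flattened "description pid process" / "pid process" records into structured events and flags the combination of a debug privilege plus hook installation in the same PID. The record strings are copied from the report; the privilege ranking, the field names and the escalation rule are this script's own assumptions.

```python
"""Parse sandbox signature records (the report's flattened "Processes:" rows)
into structured IoCs and flag privilege + hook behaviour from the same PID.

Added example; not the sandbox's own code. The privilege table and the
escalation rule are assumptions made for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE = "666f8663a955a3aa87d782473a0260dd5baa2dfe16358c9e2a0c58e662f38bcc.exe"

# Record text as it appears in the report (constructed input for this example).
TOKEN_RECORDS = "description pid process Token: SeDebugPrivilege 2644 " + SAMPLE
HOOK_RECORDS = "pid process 2644 " + SAMPLE + " 2644 " + SAMPLE

# Privileges whose enabling merits a closer look (assumption: ranking is ours).
INTERESTING_PRIVILEGES = {
    "SeDebugPrivilege": "open/inject into other processes (often precedes LSASS access)",
    "SeImpersonatePrivilege": "impersonate client tokens",
    "SeLoadDriverPrivilege": "load kernel drivers",
    "SeTcbPrivilege": "act as part of the operating system",
}


@dataclass(frozen=True)
class TokenEvent:
    privilege: str
    pid: int
    process: str


@dataclass(frozen=True)
class HookEvent:
    pid: int
    process: str


# "Token: <privilege> <pid> <process>" rows from an AdjustPrivilegeToken block.
TOKEN_RE = re.compile(r"Token:\s*(Se\w+Privilege)\s+(\d+)\s+(\S+)")
# "<pid> <process>" rows from a SetWindowsHookEx block (one row per call).
HOOK_RE = re.compile(r"(\d+)\s+(\S+\.exe)")


def parse_token_records(text):
    """Return one TokenEvent per privilege adjustment row."""
    return [TokenEvent(priv, int(pid), proc) for priv, pid, proc in TOKEN_RE.findall(text)]


def parse_hook_records(text):
    """Return one HookEvent per SetWindowsHookEx row (after the column header)."""
    body = text.split("pid process", 1)[-1]
    return [HookEvent(int(pid), proc) for pid, proc in HOOK_RE.findall(body)]


def summarize(token_events, hook_events):
    """Build human-readable findings and the PIDs that combine both behaviours."""
    hooks_per_pid = Counter(e.pid for e in hook_events)
    findings = []
    for e in token_events:
        if e.privilege in INTERESTING_PRIVILEGES:
            findings.append((e.pid, f"enabled {e.privilege}: {INTERESTING_PRIVILEGES[e.privilege]}"))
    for pid, n in sorted(hooks_per_pid.items()):
        findings.append((pid, f"installed {n} Windows hook(s) via SetWindowsHookEx"))
    # Either behaviour alone is common in benign software (debuggers, IMEs,
    # accessibility tools); the same PID doing both is what we escalate.
    debug_pids = {e.pid for e in token_events if e.privilege == "SeDebugPrivilege"}
    escalate = sorted(debug_pids & set(hooks_per_pid))
    return {"findings": findings, "escalate_pids": escalate}


if __name__ == "__main__":
    result = summarize(parse_token_records(TOKEN_RECORDS), parse_hook_records(HOOK_RECORDS))
    for pid, text in result["findings"]:
        print(f"PID {pid}: {text}")
    print("escalate:", result["escalate_pids"])
```

Run against the report's rows this yields one SeDebugPrivilege finding, one "2 Windows hook(s)" finding, and PID 2644 in the escalation list. The parser is deliberately tolerant of the flattened layout (header and rows on one line) because that is how these reports extract; it will not see rows for privileges the sandbox did not log.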