Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/10/2023, 05:57

General

  • Target

    INV-PL (KF-20230920-KB) ???????????????????(?.exe

  • Size

    491KB

  • MD5

    d7efde7a4ae17a23044520ef4b1d6580

  • SHA1

    625c66ee9ea45af883ddf19d98c730d24838204e

  • SHA256

    989acc1c32f6dab02d1d29f18483f94d98b0708ddb057ce7404c348cb2b073f7

  • SHA512

    a32589592835e4ce1fe2986e8728add41a75028f7c77885f2a8ed991a9d662419f93f10449f3f0947cb88f078f9d70dbc0803ab78a896146cfbc87be2b24403c

  • SSDEEP

    12288:SZEMFB+H+5qrrQaj+o1Dz1eh0910GxAVU9DGe4:x8sSApb910Gay9R

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe
    "C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe
      "C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe"
      2⤵
      PID:2024
    • C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe
      "C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe"
      2⤵
      PID:2264
    • C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe
      "C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe"
      2⤵
      PID:1736
    • C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe
      "C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe"
      2⤵
      PID:2692
    • C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe
      "C:\Users\Admin\AppData\Local\Temp\INV-PL (KF-20230920-KB) ___________________(_.exe"
      2⤵
      PID:2696

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2468-0-0x0000000000390000-0x0000000000410000-memory.dmp (Filesize: 512KB)
  • memory/2468-1-0x0000000073E00000-0x00000000744EE000-memory.dmp (Filesize: 6.9MB)
  • memory/2468-2-0x0000000004D70000-0x0000000004DB0000-memory.dmp (Filesize: 256KB)
  • memory/2468-3-0x0000000000420000-0x0000000000430000-memory.dmp (Filesize: 64KB)
  • memory/2468-4-0x0000000073E00000-0x00000000744EE000-memory.dmp (Filesize: 6.9MB)
  • memory/2468-5-0x0000000004D70000-0x0000000004DB0000-memory.dmp (Filesize: 256KB)
  • memory/2468-6-0x0000000000450000-0x0000000000456000-memory.dmp (Filesize: 24KB)
  • memory/2468-7-0x0000000000460000-0x000000000046A000-memory.dmp (Filesize: 40KB)
  • memory/2468-8-0x00000000041E0000-0x0000000004238000-memory.dmp (Filesize: 352KB)
  • memory/2468-9-0x0000000073E00000-0x00000000744EE000-memory.dmp (Filesize: 6.9MB)