Overview

overview

7

Static

static

3

16f6c10a52...e9.exe

windows7-x64

4

16f6c10a52...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2023 22:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16f6c10a52d4be254a1397e9eb26d1e9.exe

  • Size

    148KB

  • MD5

    16f6c10a52d4be254a1397e9eb26d1e9

  • SHA1

    10acd4893f6be52aceea1f43e19c456152336b43

  • SHA256

    e053aacd4c5334226f02d2177af67a63e3a7e8d48efe13a0af2510798fd6b1b0

  • SHA512

    361bbee363e8f570f45eafd222e9100162eb37c912f4f4800984290524038f7d62e748b3aa4b07c255bffd6b9edb694efd0e121b11bdea2970ff9cac176a03f2

  • SSDEEP

    3072:cUqYW8TOt7UvMpdtDcex9/2LVvy/whjLwBDrk:clYWIGUUpdtDPILFGwhvwBX

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16f6c10a52d4be254a1397e9eb26d1e9.exe
    "C:\Users\Admin\AppData\Local\Temp\16f6c10a52d4be254a1397e9eb26d1e9.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2192
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\FileName.jpg
    Filesize

    638KB

    MD5

    80b404a164f5c7999a544d2f802fe7ab

    SHA1

    a6efbb2e2ad07ad5b27bffe024f02e1a348b39fb

    SHA256

    a57967e772f8e4b18f414a8f52bbc84a266cc49c63917bc638c39d22ac13ccf9

    SHA512

    1be301b98b041318ecd6b2509b2303a6a4b17cb3a6a655c1bb9fad092280b3d5e1d849c348fe4d21515f30fe483084f933f17a1a90990108eca52ab4e7494b69

    Download Submit

  • \??\c:\windows\filename.jpg
    Filesize

    5.8MB

    MD5

    f9fb2696205d537704ffab0d58357cf7

    SHA1

    f48e8a596faa67c94114e40f2bfc6c4cf68bbab2

    SHA256

    4c7ba6003a24674aa370fb026f18cfa64c88dc6076291f3b210d181c19304242

    SHA512

    db86c187bd9810a4f4d7503c6b51384f9878edc14d284c85f0f39bb099b7c0eeffe51c7d19c1aef87246ed27069d61684a3cae12edf6c4fb02ab0671114330ba

    Download Submit