Analysis

  • max time kernel
    120s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-12-2023 00:58

General

  • Target

    1eb73ec7fdbc22b0243f104675cffc71.exe

  • Size

    66KB

  • MD5

    1eb73ec7fdbc22b0243f104675cffc71

  • SHA1

    db027e99696d1e8f570640cb9f6a886889033661

  • SHA256

    71f939db9cf07c3d390cfad2ef78f64f8f813a8a1c3ad40f8c45b7dda4f7b340

  • SHA512

    8d16cd9c3d4643544130e65829c5a7b0ce081e12c0945642aa68bc80489a183d61c1febb3c253dcbcbf87a31ba22b29b760d5c17d476d0aa37e139b607889023

  • SSDEEP

    768:sujvWRsd2Qhd0ZKbzqpaHZIL634XoqATTtt+AZtDtK0u19A+rlRxt:kRsZ0ZK/UaHZU61nTn+cDHuXA+XD

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1eb73ec7fdbc22b0243f104675cffc71.exe
    "C:\Users\Admin\AppData\Local\Temp\1eb73ec7fdbc22b0243f104675cffc71.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2072
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:420

Network

MITRE ATT&CK Matrix


Downloads

  • memory/420-2-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB
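The one memory dump listed under Downloads was taken from PID 420, which the process tree identifies as C:\Windows\system32\winlogon.exe, not from the submitted sample (PID 2072), while the "Suspicious use of WriteProcessMemory" signature is attached to PID 2072. Correlating those two facts is the first thing to do when triaging this report. The script below is an added example, not part of the sandbox output; it parses the dump entry name, maps the PID back to the process tree and checks the address range against the reported file size. The assumed name layout is `<pid>-<sequence>-<start>-<end>-memory.dmp`; the PID and hex range match the report, but reading the middle field as a per-process sequence number is an assumption. Process list, signatures and the dump entry are constructed inline from the text above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed from the report above: process tree (PID -> image path),
# per-process signature hits, and the single Downloads entry with its size.
PROCESSES: Dict[int, str] = {
    2072: r"C:\Users\Admin\AppData\Local\Temp\1eb73ec7fdbc22b0243f104675cffc71.exe",
    420: r"C:\Windows\system32\winlogon.exe",
}
SIGNATURES: Dict[int, List[str]] = {
    2072: [
        "Drops file in System32 directory",
        "Suspicious behavior: EnumeratesProcesses",
        "Suspicious use of AdjustPrivilegeToken",
        "Suspicious use of WriteProcessMemory",
    ],
    420: [],
}
DUMP_ENTRY = ("memory/420-2-0x0000000000240000-0x0000000000241000-memory.dmp", "4KB")

# Assumed layout of the dump name: <pid>-<sequence>-<start>-<end>-memory.dmp.
# PID and address range are taken from the report; "sequence" is an assumption.
_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


@dataclass
class DumpRegion:
    pid: int
    seq: int
    start: int
    end: int
    image: Optional[str]  # None if the PID is not in the process tree

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_size(text: str) -> int:
    """Turn a report size such as '4KB' into bytes."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_dump(path: str, processes: Dict[int, str]) -> DumpRegion:
    """Split a dump entry name into PID, sequence and address range."""
    m = _DUMP_RE.match(path)
    if not m:
        raise ValueError(f"not a memory dump entry: {path!r}")
    pid = int(m["pid"])
    return DumpRegion(
        pid=pid,
        seq=int(m["seq"]),
        start=int(m["start"], 16),
        end=int(m["end"], 16),
        image=processes.get(pid),
    )


def writer_candidates(region: DumpRegion, signatures: Dict[int, List[str]]) -> List[int]:
    """PIDs flagged for WriteProcessMemory other than the dumped process itself.

    A dump from one process while a different process was flagged for
    WriteProcessMemory is the cross-process write pattern worth inspecting.
    """
    return sorted(
        pid for pid, sigs in signatures.items()
        if pid != region.pid and any("WriteProcessMemory" in s for s in sigs)
    )


def check_dump(path: str, reported_size: str,
               processes: Dict[int, str], signatures: Dict[int, List[str]]) -> dict:
    """Summarise one dump entry: owner, range, size consistency, likely writer."""
    region = parse_dump(path, processes)
    image = region.image or ""
    return {
        "pid": region.pid,
        "image": region.image,
        "start": region.start,
        "end": region.end,
        "size_bytes": region.size,
        "size_matches": region.size == parse_size(reported_size),
        "is_system32": image.lower().startswith("c:\\windows\\system32\\"),
        "writer_candidates": writer_candidates(region, signatures),
    }


if __name__ == "__main__":
    summary = check_dump(DUMP_ENTRY[0], DUMP_ENTRY[1], PROCESSES, SIGNATURES)
    for key, value in summary.items():
        print(f"{key:18} {value:#x}" if isinstance(value, int) and not isinstance(value, bool)
              and key in ("start", "end") else f"{key:18} {value}")
```

For this report the summary resolves the dump to winlogon.exe, a 0x1000-byte range that agrees with the 4KB file size, with PID 2072 as the only WriteProcessMemory candidate; the next step is to load the .dmp into a disassembler or scan it with YARA rather than trusting the 5/10 score alone.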