Analysis

  • max time kernel
    143s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 13:17

General

  • Target

    21237fc58ff4349220b988d176cef82a.exe

  • Size

    108KB

  • MD5

    21237fc58ff4349220b988d176cef82a

  • SHA1

    f4ff99d185bb67ff61a3f34f113f1f96b08048a8

  • SHA256

    46d6cf75f3fd0e2689c0b66730da33ff592e2d4c12e0bbdb988c5196ea5368ba

  • SHA512

    31d8eb32d8729644aa8afde8bb6ec221ee84e471319f49717040042558574bc6baf2e57058ccc6bd683efb97d93b480f1a25d02d007810daaa85e07c60c6efbe

  • SSDEEP

    1536:1bSqZVJdThUxmskJJw73xehCbRfQZvZgWhbv9G9DKKlVCBXI/tmjalomuRF:1bLpZuEskJ4xSCFfav+qbA34Bultuv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21237fc58ff4349220b988d176cef82a.exe
    "C:\Users\Admin\AppData\Local\Temp\21237fc58ff4349220b988d176cef82a.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1452

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/1452-0-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

        • memory/1452-1-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB