Overview

overview

8

Static

static

3

1880e0629b...3e.exe

windows7-x64

1880e0629b...3e.exe

windows10-2004-x64

Analysis

  • max time kernel
    7s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 12:27

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    1880e0629b4eff623386dd9cc52c3e3e.exe

  • Size

    92KB

  • MD5

    1880e0629b4eff623386dd9cc52c3e3e

  • SHA1

    da2971f13de251625b878fc89c341c7df3583ead

  • SHA256

    c0b9e0164104c437915d6f430374889a4534a93cd7e9d554dfe9ce1b45f5d432

  • SHA512

    fcf2f24f6f783dc015a60e6fc29d2ae9a86cca25bffe7d89c8bdd19b86fa1f5b5c26f8cc99b1cb2beaff60e3e1e7c11de5148c121f8887ee5ec94e0edd1f8fab

  • SSDEEP

    1536:5N9eh1B5vouwEM6hsF9kQgJ6QUDorcmRrbIYzZyrCuhUk1sTLzMo:5Nch17vEEMPnGAQMAcsblUtSKsPzMo

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1880e0629b4eff623386dd9cc52c3e3e.exe
    "C:\Users\Admin\AppData\Local\Temp\1880e0629b4eff623386dd9cc52c3e3e.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2964
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2180
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2720

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2180-5-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2720-6-0x00000000026E0000-0x00000000026E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2964-0-0x0000000001000000-0x0000000001018000-memory.dmp

              Filesize

              96KB

              Download

            • memory/2964-2-0x0000000001000000-0x0000000001018000-memory.dmp

              Filesize

              96KB

              Download

            • memory/2964-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

              Filesize

              4KB

              Download