Overview

overview

1

Static

static

1

eicar.zip

windows7-x64

1

eicar.zip

windows10-2004-x64

1

eicar/eicar.com

windows7-x64

eicar/eicar.com

windows10-2004-x64

Analysis

  • max time kernel
    616s
  • max time network
    619s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13-01-2024 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eicar.zip

  • Size

    358B

  • MD5

    0a36fd59837f65ecec597b7952770598

  • SHA1

    4815f053ac2279dfcdb23e1f2c93c3ee17e81d7b

  • SHA256

    1841c6b8f7bced635a6a24cd7fd913b6f64ffb4e6e60300182b2199b10dbe2cd

  • SHA512

    c66e2a6297602b1f43e00810b1e9e73474e0b07ab7b9917894979c8dc644676a0747da15ff16c6c9919b66abbf534643e2448cf58a0dad92d146f0c1545f7de7

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar.zip
    1⤵
      PID:2064
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
        PID:3048
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x570
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2556
      • C:\Windows\SysWOW64\DllHost.exe
        C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
        1⤵
          PID:2640

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads