Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19-02-2024 17:08

General

  • Target

    bTDk.exe

  • Size

    32KB

  • MD5

    7699a1f8463d4e48b20d720f8f794dbc

  • SHA1

    7cee32f7a24224f3ee107b632447589e41c22dc2

  • SHA256

    3f24a0243264894973daaddd665b311850024f99a47f935ca6ecba0d95f5f283

  • SHA512

    00c520107dfa5a8510e0c7c16f94bec02131fc3a3270d8af40769534781a2f75362f66b5f7897d9efbe770dcb3916f31e513ee0a24e891c7683a1d5d9306c713

  • SSDEEP

    384:z0bUe5XB4e0XppOjfrw0Q0mS03AWTxtTUFQqzFTObb9:gT9BuGj855dlb9

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bTDk.exe
    "C:\Users\Admin\AppData\Local\Temp\bTDk.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\bTDk.exe"
      2⤵
        PID:2852

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2644-0-0x0000000074930000-0x0000000074EDB000-memory.dmp

      Filesize

      5.7MB

    • memory/2644-1-0x0000000074930000-0x0000000074EDB000-memory.dmp

      Filesize

      5.7MB

    • memory/2644-2-0x0000000002150000-0x0000000002190000-memory.dmp

      Filesize

      256KB

    • memory/2644-3-0x0000000074930000-0x0000000074EDB000-memory.dmp

      Filesize

      5.7MB

    • memory/2644-4-0x0000000002150000-0x0000000002190000-memory.dmp

      Filesize

      256KB

    • memory/2644-5-0x0000000074930000-0x0000000074EDB000-memory.dmp

      Filesize

      5.7MB

    • memory/2644-6-0x0000000074930000-0x0000000074EDB000-memory.dmp

      Filesize

      5.7MB