Analysis

  • max time kernel
    9s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/02/2024, 06:27

General

  • Target

    询价4020034178 Accell Asia Limited Taiwan Branch.exe

  • Size

    33KB

  • MD5

    03f696d1379af468d2dca3ec8d55a4a0

  • SHA1

    e78feb9bb25ea7117ccb5b9081e851305ef8b641

  • SHA256

    7e310de97f3af8be07cbfe477cfe9e4ab7454efed90fae32142799b8b59ede0e

  • SHA512

    c69b9b055aded6eae0f5babe6477d5056e6c0288178036ddec2d65bf9beb2fcf360c287810d6b15464c119419363f4952add867a27252eeb8892ef1809ca3a88

  • SSDEEP

    768:nJgDREAO78KuQ/Z/6gPrxCHG+jc/59ZVmrK3aEFiRDf:nJ9AO78KnZ/6wrxCH3jK59Sr5eipf

Score
9/10

Malware Config

Signatures

  • Contacts a large (3254) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\询价4020034178 Accell Asia Limited Taiwan Branch.exe
    "C:\Users\Admin\AppData\Local\Temp\询价4020034178 Accell Asia Limited Taiwan Branch.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:4872

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4872-0-0x0000021555490000-0x000002155549C000-memory.dmp

    Filesize

    48KB

  • memory/4872-1-0x0000021555860000-0x000002155587A000-memory.dmp

    Filesize

    104KB

  • memory/4872-2-0x00007FFC975D0000-0x00007FFC98091000-memory.dmp

    Filesize

    10.8MB

  • memory/4872-3-0x000002156FAC0000-0x000002156FAD0000-memory.dmp

    Filesize

    64KB