Analysis

  • max time kernel
    26s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-03-2024 03:26

General

  • Target

    b663536d5739f3d82eba2a59976ad9d3.exe

  • Size

    33KB

  • MD5

    b663536d5739f3d82eba2a59976ad9d3

  • SHA1

    8813613ddf70be31b0cb8c2e9538c95f5242ac73

  • SHA256

    10ef1f9e277a55dbcfff6efda0be5ee668808cbdf3ad109c52f4444303128d28

  • SHA512

    88d2f25989a0b535a4480e311528e46b827e076a94fa861c12cdc159287195ff72175bc8e46091da7f89e92fd79879450c4948e50508f3553715fd768a9d90d9

  • SSDEEP

    768:l0ROFZBbmQ0ptg0GL9rB3HwY8Quwe/UbxSZEgLz7t:ScQajL9r5wO1e/UQ/X

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b663536d5739f3d82eba2a59976ad9d3.exe
    "C:\Users\Admin\AppData\Local\Temp\b663536d5739f3d82eba2a59976ad9d3.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1220

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1220-0-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

  • memory/1220-5-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB