Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/03/2024, 16:56
General
-
Target
b7e7d8a59c75a9fe54d53ce80661cf7d.exe
-
Size
132KB
-
MD5
b7e7d8a59c75a9fe54d53ce80661cf7d
-
SHA1
90994cc3e0daaa99e04c680072ebc41790e392c4
-
SHA256
53aeaffe63305cb272b26a45a1b6ca0921a0feb3ec0d3772c34b8354ceb80e6c
-
SHA512
68c5b9b3484056c2a81d9390cdc0a3c3ae2d6fc9b257eb819320887dbf4f65864f856771fd9b7876f237121465c934534a5fc27b438cb441748063f1506f1680
-
SSDEEP
3072:VSPktYmvwgtTBfCQNUYMYDMclLoW9BR9wjJrjr:wciqwgtTBqnN2lLo+2Hr
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b7e7d8a59c75a9fe54d53ce80661cf7d.exe"C:\Users\Admin\AppData\Local\Temp\b7e7d8a59c75a9fe54d53ce80661cf7d.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\B7E7D8~1.EXE > nul2⤵
-
-
C:\Windows\SysWOW64\vjikux.exeC:\Windows\SysWOW64\vjikux.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
132KB
MD5b7e7d8a59c75a9fe54d53ce80661cf7d
SHA190994cc3e0daaa99e04c680072ebc41790e392c4
SHA25653aeaffe63305cb272b26a45a1b6ca0921a0feb3ec0d3772c34b8354ceb80e6c
SHA51268c5b9b3484056c2a81d9390cdc0a3c3ae2d6fc9b257eb819320887dbf4f65864f856771fd9b7876f237121465c934534a5fc27b438cb441748063f1506f1680
-
Filesize
132KB
-
Filesize
132KB