Resubmissions
09-04-2024 03:49
240409-edcl2adf68 1009-04-2024 03:48
240409-ec33ladf59 1009-04-2024 03:47
240409-ecqr9sdf46 1009-04-2024 03:47
240409-eb8xfshb7t 1003-04-2024 12:14
240403-peb21add42 10Analysis
-
max time kernel
1200s -
max time network
1200s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
09-04-2024 03:48
Static task
static1
Behavioral task
behavioral1
Sample
Ezxotfkmz.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Ezxotfkmz.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Ezxotfkmz.exe
Resource
win10v2004-20231215-en
General
-
Target
Ezxotfkmz.exe
-
Size
451KB
-
MD5
0d34f2b095cbff0be00eb45758929907
-
SHA1
3fa3b5e296d49c4d8e6dfc5d4b775a48609aca78
-
SHA256
89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20
-
SHA512
6965e9d2c2b9a11bb428ba8ac47202b7d0d4aaf826f905fb0afee903b2ae4b85cec446b536721b84237aeeb08f03ff413a67c75c36ba78d85a6727831e7b6340
-
SSDEEP
6144:xpHC550+1KYQ2JRpK3SRgadBU9RwfqUKDPi5xo/nY:xpis+S2JRpK3SRgKQ/n
Malware Config
Signatures
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2328 Ezxotfkmz.exe