Analysis
-
max time kernel
139s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
23/04/2024, 04:14
General
-
Target
d1efd4c176a213df0afc1c76224119d2b381d599898cd9f793dd5c4b23b5972c.exe
-
Size
81KB
-
MD5
ba42daf784ba666e3f81d2edc16bc124
-
SHA1
4818a3d1d146a6de1742c22c37b5cd97ccbbc924
-
SHA256
d1efd4c176a213df0afc1c76224119d2b381d599898cd9f793dd5c4b23b5972c
-
SHA512
c8574c3ced6734ea08afbf2cda7108a9d781afcc529cb7100f8da29225e84ffc1ac58158ba37ff8a99e536bf70ddbdd587346486dfcf69807b200a3a46596752
-
SSDEEP
1536:zaWLF1kxTnUI4CFPtv6iSJnaGlbVUhox5Xx:zaWExTnUTCFPtvanaGlbVUho/
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1efd4c176a213df0afc1c76224119d2b381d599898cd9f793dd5c4b23b5972c.exe"C:\Users\Admin\AppData\Local\Temp\d1efd4c176a213df0afc1c76224119d2b381d599898cd9f793dd5c4b23b5972c.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Winkivl.exeC:\Windows\SysWOW64\Winkivl.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
83KB
MD5e69bf57736105b01b48d1c2cf0b0ed1a
SHA1c3a850853f1919d4a0652c3f368359db35fbf626
SHA2563e28755c9215d9ee3963c0b85bb6fc764e13705e9e1b73223b1018956c5cde45
SHA51223b4ef0e9fbd7ea8add64a6d6b248895fa3bbd85914d7f2549fadc0f4f9a930dec5a69c195292b7dffab4d5092c6f55de6846be90e269b6f701df3129630c57c
-
Filesize
596KB
-
Filesize
596KB
-
Filesize
596KB