Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
23/04/2024, 05:29
General
-
Target
ef1511d55951417334e1f7e0c2a1f58235d4c211017e3feda12a4b08f22f3a24.exe
-
Size
84KB
-
MD5
d83a51b75fbcc5ef72279abda4707761
-
SHA1
4671af4903b60e8d0fe37c604d2e02c3bcbd77e0
-
SHA256
ef1511d55951417334e1f7e0c2a1f58235d4c211017e3feda12a4b08f22f3a24
-
SHA512
13ae0b4b4d169179de057cfc2c591b4ee3a631dab9a5f198a9a798aa35e5f4bf0b8a9d4ce2244cd056f68a81c04d8d66c6725c910759be03288e92649d2b9046
-
SSDEEP
768:+G8QAWLF1kxzPJvTRfT04ClTOPkvkvejKcrtnP/s2DBnoAZq5F4CCK6KcgMJnj:VCWLF1kxzLL04Cl8qrtzho7yKwnj
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ef1511d55951417334e1f7e0c2a1f58235d4c211017e3feda12a4b08f22f3a24.exe"C:\Users\Admin\AppData\Local\Temp\ef1511d55951417334e1f7e0c2a1f58235d4c211017e3feda12a4b08f22f3a24.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Winkvxi.exeC:\Windows\SysWOW64\Winkvxi.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
80KB
MD516b4c5555fbc8c923adffc510f54593c
SHA173b9aacb6960701b45d0efe75fb6ff4c2e9c0dd6
SHA256b6f3a5cb60212b2c13866dd2840a16c9d262b8313d6eff1e5d7a6b04fe73d1ca
SHA512c9be4396f170e190440a25ef98437b092e89f61971c2dbeadf9c72e51f3aff540756ae25c1a368952e7d5c5820016538cb9bedeec2ed1d5f72d65d577a9c9afa