Overview

overview

8

Static

static

3

1d8f18c393...d2.exe

windows7-x64

1d8f18c393...d2.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 01:59 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    1d8f18c3939192ce5bb8ce7f093cf7d2.exe

  • Size

    88KB

  • MD5

    1d8f18c3939192ce5bb8ce7f093cf7d2

  • SHA1

    1beb8a0c807afba0445cf9c55d8ef4c1b6341fde

  • SHA256

    b6fa393932db3c7e075b413417633418d5b8d8807781054ad8cb72bc281e4547

  • SHA512

    52372ccb541b37c7d2d7512a98bb22fb7ef4f6545a5777802201a7cc5701f89d44e4d6671360c59d41fb347c050ad82fb91f05a71bcd7bd1003f85816a5465a6

  • SSDEEP

    1536:16u1IGY4iPqaOa0zYAbQDWqiC9pKoc2eyrxKG2BFtG1StCqb7TFoGMuWJ6:16u1ZYoDnYAbQDWSpBrgG2zZJHTFok

Score
8/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d8f18c3939192ce5bb8ce7f093cf7d2.exe
    "C:\Users\Admin\AppData\Local\Temp\1d8f18c3939192ce5bb8ce7f093cf7d2.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1608
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:3036
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2904

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1608-0-0x0000000001000000-0x0000000001017000-memory.dmp

        Filesize

        92KB

        Download

      • memory/1608-1-0x0000000001000000-0x0000000001014000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1608-3-0x0000000001000000-0x0000000001017000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2904-5-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3036-4-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.