Overview

overview

1

Static

static

1

WinAuth.exe

windows10-2004-x64

1

WinAuth.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    204s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19-09-2024 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinAuth.exe

  • Size

    5.5MB

  • MD5

    3c8b42ff6bc4822fc6d874f6f21230dd

  • SHA1

    d4ad4481010f4e483ac774d69c3d26a1c15bb4aa

  • SHA256

    eb08274c182ab8b68b375d06f35109af7c6c034f9d06c1ac81e26552d9d81d45

  • SHA512

    ec7c97ab6ca4beb8662906375ca3e2790f26ad0b1cc63f8a1fdab4678b66441b42205e054a6c8db3ab71c324f029df85be8889af699716fa4c2f7a472ec213e0

  • SSDEEP

    49152:zKDcNv5/1CyKG5iNjqBbzsXSJ6wsNpONV98Jg9EkjBAZGept+SnxbGr3bj8ptYkH:k1GwAAX+6wQp6V9829EkjpWoFPZ43

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinAuth.exe
    "C:\Users\Admin\AppData\Local\Temp\WinAuth.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4060-0-0x00007FFE45773000-0x00007FFE45775000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4060-1-0x000002A17D330000-0x000002A17D8B8000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/4060-2-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-3-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-4-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-5-0x000002A180110000-0x000002A180298000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4060-6-0x00007FFE45773000-0x00007FFE45775000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4060-7-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-8-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-9-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-10-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-11-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4060-12-0x00007FFE45770000-0x00007FFE46232000-memory.dmp

    Filesize

    10.8MB

    Download