Analysis
-
max time kernel
112s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03-10-2024 02:51
General
-
Target
522b9ea7e1f0455b050f4e71ae5b8da5d884733df7a5f1cf65b819d2e0156426N.exe
-
Size
78KB
-
MD5
ea0d95429b2b8d79cd5c488b7edf2920
-
SHA1
5bcb69e9e2522c561efea9f47a7f081ad3a951b4
-
SHA256
522b9ea7e1f0455b050f4e71ae5b8da5d884733df7a5f1cf65b819d2e0156426
-
SHA512
e1660b5d8da04b1f3507f3c1028c69bdba75635cfcec9768a980ca282984d5ccbcd54e4a7ffd1586e6d23bad808d63f95d7ef8cfb5d43ce7da18f5cac0040056
-
SSDEEP
768:zXS6Lnze1gshn5ew/QuBdL/4Ckir4SWeq3HwFdkt+Afs2DBnoFBgFpm5XkfIT9ze:TSSnze1gsJ55n/4CkOwwF+bhos2RozJ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\522b9ea7e1f0455b050f4e71ae5b8da5d884733df7a5f1cf65b819d2e0156426N.exe"C:\Users\Admin\AppData\Local\Temp\522b9ea7e1f0455b050f4e71ae5b8da5d884733df7a5f1cf65b819d2e0156426N.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Winkxy.exeC:\Windows\SysWOW64\Winkxy.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
81KB
MD564726d14eb589314ff3c45e4e979eae9
SHA180ff0b01e10a0f89979c031475799336b7c4aeab
SHA2569b877767387498d65012585593ece3d51d833bd308da9045a6a5f7ef4cd44f01
SHA51209983712974c7182efbae1eb6ea7c3a9e9b4ab491f2ecd33badff3088bbacf18c22a7e12fa6f91bf4ba53aa24c5cabd4dc6c06320f12b83db826528a8398d364