Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 14:09

General

  • Target

    5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe

  • Size

    302KB

  • MD5

    a9502d407c7a3e0c43ad669c27638793

  • SHA1

    bf0b7815c6dac82643a5bf7bd397a6aa58a9e803

  • SHA256

    5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135

  • SHA512

    0dbe8772ded05ba2c67ea7a7e9bc291b76d8b73dbab86a35fca5b1138be41c2ee7a54333fcd7bf58823ab3b5f1f6250b98b829ca0c367cafb2176350f5454d25

  • SSDEEP

    6144:mJNMAvoYumDMaLVA/HmH6iWmL/M+VK0lNSOBYJ0tYRVxGGPTY:HAvoYumDHVA/m9WmLlVK0lNQHPTY

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
    "C:\Users\Admin\AppData\Local\Temp\5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads