Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    19-12-2024 02:12

General

  • Target

    695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe

  • Size

    305KB

  • MD5

    5c7855655e383cbece176af24670d919

  • SHA1

    655f0da6d7cd060a8998bd332fb6014893baeb2a

  • SHA256

    695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36

  • SHA512

    fb77b0b2e1e11f90df7725e93d8516325f682953c7c22fbbc9786b5b2b5131952f6f9c8f7354078af45ecd53ee84a5c2c988637ad5540b95c91e1d0f94a1f108

  • SSDEEP

    6144:RJRGyoPwcMZAwSYQ1rL4OgbDetMfhiRdsLoOJ0tYRVlOPAKePNO4:dGyoPwcMZhnQ1rL4OKDeohi3sLo7WY4

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe
    "C:\Users\Admin\AppData\Local\Temp\695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2368

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\C50F35F455882225065987\C50F35F455882225065987.exe

    Filesize

    305KB

    MD5

    5c7855655e383cbece176af24670d919

    SHA1

    655f0da6d7cd060a8998bd332fb6014893baeb2a

    SHA256

    695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36

    SHA512

    fb77b0b2e1e11f90df7725e93d8516325f682953c7c22fbbc9786b5b2b5131952f6f9c8f7354078af45ecd53ee84a5c2c988637ad5540b95c91e1d0f94a1f108