Overview

overview

10

Static

static

10

117f6677eb...8N.exe

windows7-x64

1

117f6677eb...8N.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    23/03/2025, 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe

  • Size

    17KB

  • MD5

    528b08140fe6e17d064a627982522b60

  • SHA1

    943bbd088a257cf367ec368b976f4ca0459b88e5

  • SHA256

    117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8

  • SHA512

    a69f23e3ec4c72cee32e0497cf061ed415724b7e164836d1a2d545527e066693eed2d804bdf9870cbd838c756efc8540504f3ebae089d905da06b1fc1d20acdc

  • SSDEEP

    192:LaDFitXkdCaRXz5MvsgzJF7Y9/tuLvzy+bDPDtJZqMeDaRzu6bh+aF9nsVVIP2e1:2DAtXmUhc/tu6+F3Du6bTsVKP1y87q9m

Score
1/10

Malware Config

Signatures

  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe
    "C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\system32\schtasks.exe
      schtasks /create /sc minute /mo 1 /tn "Hot" /tr "C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:2460
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {A7065CD1-3EF4-4A00-9F89-8C177A36A55C} S-1-5-21-2039016743-699959520-214465309-1000:PIDEURYY\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe
      C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2664-4-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2664-5-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2664-6-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2664-7-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2708-0-0x000007FEF621E000-0x000007FEF621F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-2-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2708-1-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2708-3-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download