Overview

overview

10

Static

static

10

117f6677eb...8N.exe

windows7-x64

1

117f6677eb...8N.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    105s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/03/2025, 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe

  • Size

    17KB

  • MD5

    528b08140fe6e17d064a627982522b60

  • SHA1

    943bbd088a257cf367ec368b976f4ca0459b88e5

  • SHA256

    117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8

  • SHA512

    a69f23e3ec4c72cee32e0497cf061ed415724b7e164836d1a2d545527e066693eed2d804bdf9870cbd838c756efc8540504f3ebae089d905da06b1fc1d20acdc

  • SSDEEP

    192:LaDFitXkdCaRXz5MvsgzJF7Y9/tuLvzy+bDPDtJZqMeDaRzu6bh+aF9nsVVIP2e1:2DAtXmUhc/tu6+F3Du6bTsVKP1y87q9m

Score
1/10

Malware Config

Signatures

  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe
    "C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4164
    • C:\Windows\SYSTEM32\schtasks.exe
      schtasks /create /sc minute /mo 1 /tn "Hot" /tr "C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:4400
  • C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe
    C:\Users\Admin\AppData\Local\Temp\117f6677eb682b7d088ad3acd3ef26250a4fb03f366c5c53e44d425a82a89db8N.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2908-8-0x00007FF8573A0000-0x00007FF857D41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2908-9-0x00007FF8573A0000-0x00007FF857D41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2908-10-0x00007FF8573A0000-0x00007FF857D41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2908-12-0x00007FF8573A0000-0x00007FF857D41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4164-0-0x00007FF857655000-0x00007FF857656000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4164-1-0x00007FF8573A0000-0x00007FF857D41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4164-2-0x000000001C240000-0x000000001C70E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4164-3-0x000000001C7C0000-0x000000001C866000-memory.dmp

    Filesize

    664KB

    Download

  • memory/4164-4-0x00007FF8573A0000-0x00007FF857D41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4164-5-0x000000001C980000-0x000000001C9E2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/4164-6-0x00007FF857655000-0x00007FF857656000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4164-7-0x00007FF8573A0000-0x00007FF857D41000-memory.dmp

    Filesize

    9.6MB

    Download