Analysis

  • max time kernel
    104s
  • max time network
    164s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    28/03/2025, 19:55

General

  • Target

    update2.exe

  • Size

    3.3MB

  • MD5

    3876620b2dfe935da42b2a7b39d3fd76

  • SHA1

    3a0062512fb9899bec89bddeb57623bb1266e3ed

  • SHA256

    99275da9ed9468cf8db779b7a87a87b446d955b235e1d0028a0a41a1ddbb516d

  • SHA512

    e597612c0cd629dc055b9880b2b9735c74a497050f6f78c9b2628780d40ea1d5b1586a0cff322e84779147024d7de23346827dbb41fe6f01b02ee0ee55d5ec61

  • SSDEEP

    49152:yX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QY:ylRsZ47/QXoHUOfAoj1x6Y

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\update2.exe
    "C:\Users\Admin\AppData\Local\Temp\update2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Windows\system32\wbem\wmic.exe
      wmic os get oslanguage /FORMAT:LIST
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads