a60891c8a1d77512c14952979fce1cf3713c217d01b07a2725706a0332574774 | Triage

Analysis

max time kernel
145s
max time network
151s
platform
windows7_x64
resource
win7v200430
submitted
12-05-2020 13:46

Sharing

Report Analysis Logs

General

Target

745787747877.bin.exe
Size

402KB
MD5

fa07ab12e32195ccf094985892d70cf2
SHA1

78ef4a2709ab08aa7c62961991388cacfab3c353
SHA256

a1cb58fb08f1a05994840af272013f82d390dddb0c22260d028c8e20d5320d68
SHA512

8ad30924a9be8b185ae22a78a0a511caa06d6bc753087a4cc7f439bd9190a866adc504815f0aaa5445bd9e998abebc98ad39c2cae1babd95724931e96656e7d1

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.fr
Port:
587
Username:
contact@estfacades.fr
Password:
Kayseri38&

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

745787747877.bin.exe

description pid process

Token: SeDebugPrivilege 288 745787747877.bin.exe
Drops startup file 1 IoCs

Processes:

745787747877.bin.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hytrre.js 745787747877.bin.exe

C:\Users\Admin\AppData\Local\Temp\745787747877.bin.exe
"C:\Users\Admin\AppData\Local\Temp\745787747877.bin.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Drops startup file
PID:288

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...