Managed XDR

c-windows-ds2kol.exe — malware analysis report

File info

Filename: c-windows-ds2kol.exe
File type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
File size: 83 KB
First seen
Last seen

Environment

w10/x86 en

Hashes

SHA1: 3ca0c33af7371e4f998a30b57c5eb5390204b130
SHA256: e00a30c59eee692a0b6f36e45e5ae2f3840abb0c8705164fe4d0367e5d4fccc2
MD5: 2c479c54e4a5c95470304215bbc59f67

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_polymorphic: Creates a modified copy of itself
T1027.002 packer_upx: The executable file is compressed using UPX
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1480 system_default_lang_id_present: Checks the system language
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1027.002 packer_entropy: Probably contains compressed or encrypted data

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Command and Control

T1071.001 network_cnc_http: Suspicious HTTP traffic
T1071.001 network_http: Performs HTTP requests

Other

suricata_alert: Malicious traffic detected
creates_exe: Creates executable files in the file system
creates_in_windows: Creates files in the Windows directory
writes_data: Writes a large amount of data to disk