98b6f22370f59fd9482bf2f6c622c2afc92a441917328b2337d4b4780ab7201a

Submit
Reports

Overview

overview

Static

static

03bf25deb9...f2.zip

windows10_x64

??????V17.0.exe

windows10_x64

0a4b3a05f7...e0.exe

windows10_x64

1286783ba7...da.exe

windows10_x64

2129e70155...a9.exe

windows10_x64

29cc23f499...31.exe

windows10_x64

3536ff0652...5a.exe

windows10_x64

3e6c4e569c...f0.exe

windows10_x64

54c7b99377...94.exe

windows10_x64

595aa62880...0a.exe

windows10_x64

61eb576454...c7.exe

windows10_x64

721fd78188...27.exe

windows10_x64

7a6bc0ae41...5f.exe

windows10_x64

7c0fdee367...b8.exe

windows10_x64

7e489f1f72...21.exe

windows10_x64

8a3a5aa3a0...20.exe

windows10_x64

8bec567244...2e.exe

windows10_x64

91e956fd59...21.exe

windows10_x64

94fe30df66...ff.exe

windows10_x64

a0262556d4...a3.zip

windows10_x64

heukms/HEU....1.exe

windows10_x64

a355a148d6...0b.exe

windows10_x64

b00ffa55cc...85.exe

windows10_x64

dca66d16ee...1e.rar

windows10_x64

mini-KMS_A...NG.exe

windows10_x64

eb54cd2d61...fc.exe

windows10_x64

eb83ccd27c...3b.exe

windows10_x64

eb87a4c70b...03.exe

windows10_x64

f05119aa88...eb.exe

windows10_x64

fb01b16f03...ca.exe

windows10_x64

fd6c69c345...20.exe

windows10_x64

fe9e92957e...ca.exe

windows10_x64

Resubmissions

28-03-2022 02:35

220328-c3bd6acaaj 10

Analysis

max time kernel
44s
max time network
173s
platform
windows10_x64
resource
win10-20220223-en
submitted
28-03-2022 02:35

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

03bf25deb99486e193a91bbcab909accc31ed63a23541944a1129dbacbade4f2.zip

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

??????V17.0.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

0a4b3a05f79c66c047d02874b75208964d1930b5983a19e5365a6e4fe286f6e0.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

1286783ba7602d5456c62fd69fd73bea63c739230352d54e962b03e8d4a6a3da.exe

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

2129e7015548f74908e22b4270a483d3f2c4a9e6335739c26c4c901fa86b77a9.exe

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

29cc23f49938a7cd221e161b2ebb6ee9d8399aa031869ee011a059d9bf5ff831.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

3536ff0652b3dc66e28dd0700e28829f8d57713d43b92dc5445fe988e7795d5a.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

3e6c4e569c9254a2d8e3d8ceccba13dc8b0e65b2172c2e9e1d3bf1a1b18e56f0.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

54c7b993776472802f7a61d243eb7684a48dfaec1d3fdbabbcde8fef84a5d894.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

595aa6288029577e27ccbcf265aa654ef600d3b058b06ad441ebfd37371bc50a.exe

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

61eb576454a7fd7435fc0469b86b9b8285d14daf7e172281ade900cef3dda7c7.exe

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

721fd781881c0cda7dc52ff2d24b4a9dabe9854317098bb863f8e591c773cb27.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

7a6bc0ae4129f80c321dd2500a974a6b1e77829f76fddb57f36cbb886e6c295f.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

7c0fdee3670cc53a22844d691307570a21ae3be3ce4b66e46bb6d9baad1774b8.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

7e489f1f72cac9f1c88bdc6be554c78b5a14197d63d1bae7e41de638e903af21.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

8a3a5aa3a0b6366f18192afa46ae0bec911941359e488c25587b19bc55600f20.exe

Resource

win10-20220223-en

discovery evasion persistence

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

8bec56724443b4142ceea109f5179fe34f2c6ab51a0996b822b928e818201e2e.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

91e956fd598ecef4c04bc0d4b5852ac91aa260d7252a2020ddf1ce15d0d10521.exe

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

94fe30df66ffa19efb5d4d95f11212273c008788410c6e59e251589ce1cea5ff.exe

Resource

win10-20220223-en

adware bootkit discovery evasion persistence stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

a0262556d45bb84c1e5d907fe3c7071793d39ba2bb8f5a1f775ec3fea35a0fa3.zip

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

heukms/HEU_KMS_Activator_v19.5.1.exe

Resource

win10-20220223-en

evasion

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

b00ffa55cc974a66746bf571818810ec123ad541dc8dd8a967d644f7a65bf085.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

dca66d16eeb26f3805ae66bac53c261c2c274c88b7ea364d9b155b39a26e2e1e.rar

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

mini-KMS_Activator_v1.3_Office2010_VL_ENG.exe

Resource

win10-20220310-en

upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

eb54cd2d61507b9e98712de99834437224b1cef31a81544a47d93e470b8613fc.exe

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

eb83ccd27c799b395ceb8c2d812f816d86a5688eee9b9145c11bbb9d37b5e43b.exe

Resource

win10-20220223-en

evasion

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

eb87a4c70b7ef88575c4f1fd1ac47361d20a738ba95d05b91a018a313fdea003.exe

Resource

win10-20220310-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

f05119aa888842e9e2f48040c766ced23ea40f89d9c0160cafef0c7d5c96f5eb.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

fb01b16f033d19e5533c9e0846c510649eaa5c21321d1a5b9b284ab2655424ca.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320.exe

Resource

win10-20220223-en

ramnit banker spyware stealer trojan upx worm

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

fe9e92957e22f009fd22fba305caa0172d5dcdd11010b848dc75913e640473ca.exe

Resource

win10-20220223-en

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe
Size

1.8MB
MD5

f7a312246c24032738a403e8cbeeb60e
SHA1

fa2deea341f2320e4168e8ad26669fe4c904aa75
SHA256

a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b
SHA512

6a4c9b4367535bbfd2d7c7d4b28edbeacd597b1da9d747e3a27898fea9de3143f73d610a34a2643c5dd8c4d3fd02652a044e88c5f274d0d56f6389953dff2005

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe

pid	process
3700	a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe
3700	a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe

description pid process

Token: SeSecurityPrivilege 3700 a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe

description	pid	process
Token: SeSecurityPrivilege	3700	a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe
"C:\Users\Admin\AppData\Local\Temp\a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3700-114-0x0000000000400000-0x00000000009A2000-memory.dmp

Filesize
5.6MB

Download