a6dbc36c472b3ba70a98efd0db35e75c340086be15d3c3ab4e39033604d0bcf9

Analysis

max time kernel
134s
max time network
172s
platform
windows7_x64
resource
win7-20220414-en
submitted
15/04/2022, 06:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6dbc36c472b3ba70a98efd0db35e75c340086be15d3c3ab4e39033604d0bcf9.exe
Size

113KB
MD5

3cd5fa46507657f723719b7809d2d1f9
SHA1

34ddc14b9a04eba98c3aa1cb27033e12ec847e03
SHA256

a6dbc36c472b3ba70a98efd0db35e75c340086be15d3c3ab4e39033604d0bcf9
SHA512

c589f7628f5ac5db570564abd65a26d6b67467b3064abc08a9e352eeda8bc2e28ea7d1c02e15a145d77ec3aae7ecc1890a999df8bbdf0645c05ccfb41acd2442

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1248	Adobe-x86-ui.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1248	Adobe-x86-ui.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 1248	1744	taskeng.exe	28
PID 1744 wrote to memory of 1248	1744	taskeng.exe	28
PID 1744 wrote to memory of 1248	1744	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\a6dbc36c472b3ba70a98efd0db35e75c340086be15d3c3ab4e39033604d0bcf9.exe
"C:\Users\Admin\AppData\Local\Temp\a6dbc36c472b3ba70a98efd0db35e75c340086be15d3c3ab4e39033604d0bcf9.exe"
1⤵
PID:908

C:\Windows\system32\taskeng.exe
taskeng.exe {5C27C071-6B76-4EED-8016-E02090AF4EA3} S-1-5-21-2277218442-1199762539-2004043321-1000:AUVQQRRF\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1744
- C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Adobe-x86-ui.exe
  C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Adobe-x86-ui.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Adobe-x86-ui.exe

Filesize
54KB

MD5
4ed42233962a89deaa89fd7b989db081

SHA1
cf731ee0af5c19231ff51af589f7434c0367d508

SHA256
a96c57c35df18ac20d83b08a88e502071bd0033add0914b951adbd1639b0b873

SHA512
78d7dc3a9d38298effa4d9e3c8e829af8cd1b49570df4f0c6e75d2724a9c0f703e06c7ff19d1ebe5d36cfc0e994417b441478b5448864ed3e4196469af6b956d

Download Submit
C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Adobe-x86-ui.exe

Filesize
54KB

MD5
4ed42233962a89deaa89fd7b989db081

SHA1
cf731ee0af5c19231ff51af589f7434c0367d508

SHA256
a96c57c35df18ac20d83b08a88e502071bd0033add0914b951adbd1639b0b873

SHA512
78d7dc3a9d38298effa4d9e3c8e829af8cd1b49570df4f0c6e75d2724a9c0f703e06c7ff19d1ebe5d36cfc0e994417b441478b5448864ed3e4196469af6b956d

Download Submit
C:\ProgramData\Adobe\Acrobat\9.0\Replicate\System.Web.Helpers.dll

Filesize
135KB

MD5
4f13bec852002ea7208deaf82b53f90d

SHA1
fffd7f988637d3f79bad6e6fb725f00aa8558044

SHA256
6bdd4e1a2887176b20bdc2d710c5d81b68b18e7006a8281f4973e9e31e25f40f

SHA512
2216dc754a787bc159e9bc363f8a57ee02caadce16dae41e73ce27cc37d7eef956983bf0dca7c78ef988030d69c4977a067b32667111ca10926a7d684771bf40

Download Submit
memory/908-54-0x0000000000900000-0x0000000000922000-memory.dmp

Filesize
136KB

Download
memory/908-55-0x000000001B090000-0x000000001B092000-memory.dmp

Filesize
8KB

Download
memory/908-56-0x00000000004E0000-0x0000000000506000-memory.dmp

Filesize
152KB

Download
memory/908-57-0x0000000000510000-0x0000000000520000-memory.dmp

Filesize
64KB

Download
memory/1248-61-0x0000000000D40000-0x0000000000D54000-memory.dmp

Filesize
80KB

Download
memory/1248-63-0x000000001B0B0000-0x000000001B0B2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads