65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23/09/2022, 03:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
Size

4.4MB
MD5

8782ecc86b76d0e3822131c2d189c4de
SHA1

c1db641a42580a99a06e2ebea22faf69703852e0
SHA256

65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9
SHA512

1503a2e33574c468a3903197c615630e9696d3dd9bbe74371fdbc8d7e53f0efe72bba810f9622d965902b7b3a2fe75e5ae20bb34a8dc3388f3e8d86d578895a2
SSDEEP

98304:rPZnBNmOLmYbXNk1s6UFWliW5Jgj+5dVBRfXAtTVXz:trLTXiCUliAJgSLSjXz

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 23 IoCs

description	ioc	Process
File created	C:\Windows\BackGround0.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\fish2.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\DiXing.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\Particle1.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\fish0.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\fish1.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\Music.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\Music.wav	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\fish2.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\fish3.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\fish4.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\Water.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\Water.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\BackGround0.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\fish0.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\fish1.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\fish3.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\fish4.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\GuppySet.ini	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\DiXing.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File opened for modification	C:\Windows\GuangXian.ad	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\GuangXian.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
File created	C:\Windows\Particle1.bmp	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1948	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1948	AUDIODG.EXE
Token: 33	1948	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1948	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1644	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
1644	65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe

C:\Users\Admin\AppData\Local\Temp\65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe
"C:\Users\Admin\AppData\Local\Temp\65ece61cf5fb296178e6596eb29139b90f28805525c6b78bddb74638269348f9.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads