d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f

Analysis

max time kernel
108s
max time network
146s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
24/09/2022, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe
Size

11.1MB
MD5

0345b9909e6f8a67627c667d100da1e8
SHA1

1b72c7372856bd71550e1184e353f452ff2b61a8
SHA256

d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f
SHA512

7bb53312ede16b3cfde48b897ed8f7047e8b47136099d96c83c3e50e64f3485bbc03d814acabbca279c937661111bb9d95fd03b02f28e5da667491567f33beed
SSDEEP

98304:mLhN1g08p4z04z6Iswit0wdusXob3JvCO4u/iP/G+qh05jee2xONMhteFlaA4SG:2nf6IBwd7YjcJXVNDFlsSSrdaF22yT

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "C:\\Users\\Admin\\AppData\\Roaming\\NVIDIA\\dllhost.exe"	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2664 set thread context of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3764	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66
PID 2664 wrote to memory of 3764	2664	d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe	66

C:\Users\Admin\AppData\Local\Temp\d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe
"C:\Users\Admin\AppData\Local\Temp\d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe
  "C:\Users\Admin\AppData\Local\Temp\d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  PID:3764

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\d3061098277ac0e6dbc8f21e232e8b8514dca48b8b6b95cc583a6049d36eaf1f.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
memory/2664-115-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-116-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-117-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-118-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-119-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-120-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-121-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-122-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-123-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-124-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-125-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-126-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-128-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-127-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-129-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-130-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-131-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-134-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-133-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-132-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-135-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-136-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-137-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-138-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-139-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-140-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-142-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-143-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-141-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-144-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-145-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-146-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-147-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-148-0x00000000002C0000-0x0000000000DDC000-memory.dmp

Filesize
11.1MB

Download
memory/2664-149-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-150-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-154-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-153-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-156-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-157-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-162-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-165-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-163-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-164-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-161-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-160-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-159-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-158-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-155-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-151-0x00000000011A0000-0x00000000011AA000-memory.dmp

Filesize
40KB

Download
memory/3764-167-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-168-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-169-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-166-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-170-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-171-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-173-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-172-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-174-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-175-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-177-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-178-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-179-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-176-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-180-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/3764-229-0x0000000006440000-0x000000000693E000-memory.dmp

Filesize
5.0MB

Download
memory/3764-230-0x0000000006020000-0x00000000060B2000-memory.dmp

Filesize
584KB

Download
memory/3764-234-0x0000000006280000-0x000000000628A000-memory.dmp

Filesize
40KB

Download