7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

Analysis

max time kernel
91s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
Size

432KB
MD5

31106c988a40ad9a884dd9040e0f8992
SHA1

848e60f82adf77fb4bfafe48ce7fb0857c1b4cac
SHA256

7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8
SHA512

ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e
SSDEEP

6144:99AmL6pFZ0aTaYn1W0ugmvmOZzsz5czJltTBLvu9VYsi3n/9u2YDbX5:992LDKgmRsqtTVvuuQ2sJ

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2460	selkc.exe
1756	selkc.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\selkc.exe	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
File opened for modification	C:\Windows\SysWOW64\selkc.dat	selkc.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	selkc.exe
File created	C:\Windows\SysWOW64\selkc.exe	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
File created	C:\Windows\SysWOW64\tmp.bat	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
File created	C:\Windows\SysWOW64\selkc.dat	selkc.exe
File opened for modification	C:\Windows\SysWOW64\selkc.dat	selkc.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	selkc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1756	selkc.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 2460	3080	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	77
PID 3080 wrote to memory of 2460	3080	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	77
PID 3080 wrote to memory of 2460	3080	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	77
PID 3080 wrote to memory of 3624	3080	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	78
PID 3080 wrote to memory of 3624	3080	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	78
PID 3080 wrote to memory of 3624	3080	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	78
PID 1756 wrote to memory of 4604	1756	selkc.exe	81
PID 1756 wrote to memory of 4604	1756	selkc.exe	81
PID 1756 wrote to memory of 4604	1756	selkc.exe	81

C:\Users\Admin\AppData\Local\Temp\7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
"C:\Users\Admin\AppData\Local\Temp\7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\selkc.exe
  C:\Windows\system32\selkc.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2460
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\tmp.bat
  2⤵
  PID:3624

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
1⤵
PID:4604

C:\Windows\SysWOW64\selkc.exe
C:\Windows\SysWOW64\selkc.exe -service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\selkc.dat

Filesize
384KB

MD5
52b379a5b5ccd2500f966065009a6fa6

SHA1
8bec3977828436f1f2746b6c3569eb7ada540419

SHA256
ba9612db071d660d7f932a4ec979f3a36a42af944ac4a792d944d0a7ca6ba276

SHA512
4ab7bbabded99e423e8a6cc1ee6dabc03452e0e0bd8b7cb7f646bc9fd71c335e43e12b498a20e189c93e7eb6a5cef90c22c739205ffc498053b922a9e4385cc9

Download Submit
C:\Windows\SysWOW64\selkc.exe

Filesize
432KB

MD5
31106c988a40ad9a884dd9040e0f8992

SHA1
848e60f82adf77fb4bfafe48ce7fb0857c1b4cac

SHA256
7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

SHA512
ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e

Download Submit
C:\Windows\SysWOW64\selkc.exe

Filesize
432KB

MD5
31106c988a40ad9a884dd9040e0f8992

SHA1
848e60f82adf77fb4bfafe48ce7fb0857c1b4cac

SHA256
7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

SHA512
ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e

Download Submit
C:\Windows\SysWOW64\selkc.exe

Filesize
432KB

MD5
31106c988a40ad9a884dd9040e0f8992

SHA1
848e60f82adf77fb4bfafe48ce7fb0857c1b4cac

SHA256
7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

SHA512
ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e

Download Submit
C:\Windows\SysWOW64\tmp.bat

Filesize
303B

MD5
218b0efc6216dce3363177528f46a90c

SHA1
1bf0a8a9c2098a33a0f587d7cd7710c21944f68a

SHA256
8a34598229cab2d5b12de0add989c6ff26a072b56e06164a66ab610cea9cc953

SHA512
c0995d1183f5bf2e4eba21ee651d831cef6423e21744a190c0ce508b8b58a2091cb4635f28b5206d7363ca1bedad209ce643e90f14b775d43bdb350a9d0499d8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads