75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887

Resubmissions

16/10/2022, 11:14

221016-nb6xjahdg3 5

16/10/2022, 10:50

221016-mxdx7shbdm 3

Analysis

max time kernel
217s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2022, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe
Size

4.3MB
MD5

a75e4e9aca59e5aa1e73be9b8ca59ecc
SHA1

862377715c68fbe4e012888c0f560ef6cb8e1d59
SHA256

75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887
SHA512

d6930a78b4c83cf3a3d19ade9e63410bb7027ff55ebe3cfa62d242d804bf2881c60fc2eebe049c047794fb4dc7214545b7946aca01e7d05be79e8e77b7e665ee
SSDEEP

98304:ouK+YFaN35LRE+AITgt4ojYDhbpaEUmk/sIiq1MtlQCtaheGgt:ou7Yo55LREd+oj6hbpaEUmA1MtSF1u

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3796 set thread context of 2184	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe	90

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe
3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe
3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 2184	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe	90
PID 3796 wrote to memory of 2184	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe	90
PID 3796 wrote to memory of 2184	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe	90
PID 3796 wrote to memory of 2184	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe	90
PID 3796 wrote to memory of 2184	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe	90
PID 3796 wrote to memory of 2184	3796	75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe	90

C:\Users\Admin\AppData\Local\Temp\75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe
"C:\Users\Admin\AppData\Local\Temp\75bf0d2f4ffaac97469fc8bea10b7461c0c8469b752ad3d8edd91e156417e887.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  /Processid:-c
  2⤵
  PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-168-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-167-0x00007FFFEE480000-0x00007FFFEEF41000-memory.dmp

Filesize
10.8MB

Download
memory/2184-178-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-180-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-177-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-174-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-173-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-170-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-171-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-144-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-181-0x00007FFFEE480000-0x00007FFFEEF41000-memory.dmp

Filesize
10.8MB

Download
memory/2184-158-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-166-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-147-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-148-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-149-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-150-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-164-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-152-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-163-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/2184-156-0x0000000140000000-0x000000014006A000-memory.dmp

Filesize
424KB

Download
memory/3796-141-0x00007FF80BB90000-0x00007FF80BC3C000-memory.dmp

Filesize
688KB

Download
memory/3796-159-0x00007FF80A210000-0x00007FF80A4D9000-memory.dmp

Filesize
2.8MB

Download
memory/3796-162-0x00007FF80BB90000-0x00007FF80BC3C000-memory.dmp

Filesize
688KB

Download
memory/3796-157-0x00007FF80ACF0000-0x00007FF80ADAE000-memory.dmp

Filesize
760KB

Download
memory/3796-155-0x00007FF80C5F0000-0x00007FF80C7E5000-memory.dmp

Filesize
2.0MB

Download
memory/3796-153-0x00007FFFEE480000-0x00007FFFEEF41000-memory.dmp

Filesize
10.8MB

Download
memory/3796-143-0x00007FF80A210000-0x00007FF80A4D9000-memory.dmp

Filesize
2.8MB

Download
memory/3796-142-0x00007FF80C5F0000-0x00007FF80C7E5000-memory.dmp

Filesize
2.0MB

Download
memory/3796-132-0x000002086AB70000-0x000002086AFC4000-memory.dmp

Filesize
4.3MB

Download
memory/3796-140-0x00007FF80A210000-0x00007FF80A4D9000-memory.dmp

Filesize
2.8MB

Download
memory/3796-139-0x00007FF80ACF0000-0x00007FF80ADAE000-memory.dmp

Filesize
760KB

Download
memory/3796-138-0x00007FF80C5F0000-0x00007FF80C7E5000-memory.dmp

Filesize
2.0MB

Download
memory/3796-137-0x000002086D5A0000-0x000002086D5B2000-memory.dmp

Filesize
72KB

Download
memory/3796-136-0x00007FFFEE480000-0x00007FFFEEF41000-memory.dmp

Filesize
10.8MB

Download
memory/3796-135-0x000002086B300000-0x000002086B312000-memory.dmp

Filesize
72KB

Download
memory/3796-134-0x000002086DE90000-0x000002086E35C000-memory.dmp

Filesize
4.8MB

Download
memory/3796-133-0x00007FFFEE480000-0x00007FFFEEF41000-memory.dmp

Filesize
10.8MB

Download