476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155

Analysis

max time kernel
2s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 08:54

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe
Size

141KB
MD5

71c7666e83a7d272f653e2e49fb4230e
SHA1

0920e55ca9e8d7a091b8ab8864900927d2117047
SHA256

476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155
SHA512

a8605f52235c7b440a6f543a68025ef1689fbda295faf20aef91f4bdec914984346bae6d42ef146e25a8feb3ddaad2d701c111603c0e1da560299f691a1541f1
SSDEEP

3072:8mVnQXzgE2JAvOSY6BZsYoKdjDR7wRy0a28+PtMYZT:vQXzgQWSbBZssjDCRy52xtMY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1592	476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe
1592	476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe
1592	476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1592	476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe
1592	476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1592	476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe

C:\Users\Admin\AppData\Local\Temp\476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe
"C:\Users\Admin\AppData\Local\Temp\476b56a8c24676eafcb2fee7689f4ec7188f484560fa2aacf24dd951435e5155.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\3CE2.tmp

Filesize
1.2MB

MD5
d124f55b9393c976963407dff51ffa79

SHA1
2c7bbedd79791bfb866898c85b504186db610b5d

SHA256
ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

SHA512
278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

Download Submit
\Users\Admin\AppData\Local\Temp\3D31.tmp

Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
\Users\Admin\AppData\Local\Temp\3DBF.tmp

Filesize
202KB

MD5
7ff15a4f092cd4a96055ba69f903e3e9

SHA1
a3d338a38c2b92f95129814973f59446668402a8

SHA256
1b594e6d057c632abb3a8cf838157369024bd6b9f515ca8e774b22fe71a11627

SHA512
4b015d011c14c7e10568c09bf81894681535efb7d76c3ef9071fffb3837f62b36e695187b2d32581a30f07e79971054e231a2ca4e8ad7f0f83d5876f8c086dae

Download Submit
memory/1592-54-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

Filesize
8KB

Download
memory/1592-65-0x0000000000110000-0x0000000000132000-memory.dmp

Filesize
136KB

Download
memory/1592-66-0x0000000000300000-0x000000000031F000-memory.dmp

Filesize
124KB

Download
memory/1592-67-0x0000000000380000-0x00000000003CF000-memory.dmp

Filesize
316KB

Download
memory/1592-71-0x00000000003D0000-0x00000000004D0000-memory.dmp

Filesize
1024KB

Download
memory/1592-68-0x00000000003D0000-0x00000000004D0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads