39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398

Resubmissions

15-11-2022 04:10

221115-ervd1aeh46 7

15-11-2022 03:41

221115-d86ypaeg75 7

Analysis

max time kernel
22s
max time network
62s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
15-11-2022 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe
Size

6.1MB
MD5

4475d543fd30e39295790f0f766dfcd7
SHA1

bd9b5b090c3c3c86be2c4e7fbe587918c2be4ef8
SHA256

39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398
SHA512

55d292cd3ae08ff96981ded66828c333783bce2775c4581826be564211df500fa08474990c675ea145eb2702833e618b06038e7594d343234b4bdfb4b8983a7b
SSDEEP

98304:fO/zQnFA/Cv9sATR/yl9zqE4C5J+daIhtoO9Ekm6tGEvZb:f8Q62CATR/yl9+ErefXB636I8

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 3 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exeicacls.exe

pid process

4700 icacls.exe
5104 icacls.exe
4312 icacls.exe
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

2124 schtasks.exe

pid	process
4700	icacls.exe
5104	icacls.exe
4312	icacls.exe

pid	process
2124	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe

pid	process
2692	39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe
2692	39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe

C:\Users\Admin\AppData\Local\Temp\39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe
"C:\Users\Admin\AppData\Local\Temp\39d3df8f4a3bacaf1456712177c36f4fd76acf69a174c74927c15442bc80a398.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2692

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /CREATE /TN "Windows\IntelComputingToolkit\IntelGAS0.2.9.5." /TR "C:\ProgramData\lntelToolSkits\IntelGAS-Ver0.2.9.5.exe" /SC MINUTE
2⤵
- Creates scheduled task(s)
PID:2124

C:\Windows\SysWOW64\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\ProgramData\lntelToolSkits" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
2⤵
- Modifies file permissions
PID:4700

C:\Windows\SysWOW64\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\ProgramData\lntelToolSkits" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
2⤵
- Modifies file permissions
PID:5104

C:\Windows\SysWOW64\icacls.exe
"C:\Windows\System32\icacls.exe" "C:\ProgramData\lntelToolSkits" /inheritance:e /deny "adMnepoxyFEYWGOLmin:(R,REA,RA,RD)"
2⤵
- Modifies file permissions
PID:4312

C:\ProgramData\lntelToolSkits\IntelGAS-Ver0.2.9.5.exe
C:\ProgramData\lntelToolSkits\IntelGAS-Ver0.2.9.5.exe
1⤵
PID:3392

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

File Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\lntelToolSkits\IntelGAS-Ver0.2.9.5.exe
Filesize
1064.6MB

MD5
09a050d301ef99351cee10a155893e90

SHA1
b2ea120a765355b407f937f5175d077be604a5b3

SHA256
9f56a53fce469b7636acce19b0179cb4491c1ef4c1f0296b30b1e2cc64f65af0

SHA512
a56426f018a662cf1b80fb214b4223bf1fa951617329407f593cf1df78721b68252ecc27e4a60204160005c0a0dfc2248e97a0d9998e7f0fc3779d5247d64f65

Download Submit
C:\ProgramData\lntelToolSkits\IntelGAS-Ver0.2.9.5.exe
Filesize
749.5MB

MD5
dd316c16cbc528388998944e3f35ea36

SHA1
1e644ac59bdc7e51f50a14badec092c17fa1bebc

SHA256
db690e93209589097c802d7c376aeddf8e3471a5d240b47f7abb43142b6e0d9f

SHA512
618c7b807152c6bcafddedbbc4c0d08c09bc49e9803188bb5ad4f98e973c420eca6e746db4609f6bfcdb595b28815018dd1518d693a96fb492a849cc7c101c0c

Download Submit
memory/2124-173-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-180-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-179-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-178-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-177-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-176-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-175-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-174-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-162-0x0000000000000000-mapping.dmp

Download
memory/2124-172-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-171-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-170-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-169-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-167-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-168-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-166-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-165-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-164-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2124-163-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-133-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-135-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-139-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-140-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-141-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-142-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-143-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-144-0x0000000000400000-0x0000000000DA3000-memory.dmp

Filesize
9.6MB

Download
memory/2692-147-0x0000000000400000-0x0000000000DA3000-memory.dmp

Filesize
9.6MB

Download
memory/2692-148-0x0000000000400000-0x0000000000DA3000-memory.dmp

Filesize
9.6MB

Download
memory/2692-149-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-150-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-151-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-152-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-153-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-154-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-155-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-156-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-157-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-158-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-159-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-160-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-161-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-137-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-136-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-138-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-134-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-116-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-132-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-131-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-130-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-129-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-128-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-127-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-126-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-125-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-124-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-123-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-121-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-122-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-120-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-119-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-117-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-118-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2692-194-0x0000000000400000-0x0000000000DA3000-memory.dmp

Filesize
9.6MB

Download
memory/4312-189-0x0000000000000000-mapping.dmp

Download
memory/4700-184-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4700-182-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4700-181-0x0000000000000000-mapping.dmp

Download
memory/5104-183-0x0000000000000000-mapping.dmp

Download