Analysis
-
max time kernel
92s -
max time network
94s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
19-11-2022 04:32
General
-
Target
6303744cf9efdc3d30fa41596b14a18ad3975661de915ab2173fce7266991ca1.exe
-
Size
1.4MB
-
MD5
4f00cdbc19ecae13efde48b177ba2eb0
-
SHA1
0963289c7736406d74c62cfa84be17dd8bd9c444
-
SHA256
6303744cf9efdc3d30fa41596b14a18ad3975661de915ab2173fce7266991ca1
-
SHA512
b3a5e20b5ccf827a9fccfe6d36e08363df1892d9210a79ef3badbf921088a521330638c16bbf978db0c90ab9600ba8793a59e9113de7f2615e2e0a0eb26023a2
-
SSDEEP
24576:KNmF/mnBoDM5f7F2fQRKZk+61i5cCPWZj+Vh8H9GSG+VLUx3GHE072:KYVZo5TcfQqk+61i5cYWZjSqHkMLhkS2
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Possible privilege escalation attempt 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Modifies file permissions 1 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 37 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6303744cf9efdc3d30fa41596b14a18ad3975661de915ab2173fce7266991ca1.exe"C:\Users\Admin\AppData\Local\Temp\6303744cf9efdc3d30fa41596b14a18ad3975661de915ab2173fce7266991ca1.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ms.exeC:\Users\Admin\AppData\Local\Temp\ms.exe k2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f "C:\WINDOWS\system32\Sens.dll"3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\icacls.exeicacls "C:\WINDOWS\system32\Sens.dll" /grant administrators:F3⤵
- Possible privilege escalation attempt
- Modifies file permissions
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\ms.exeFilesize
424KB
MD5224ee144eb388979711b9c37411418c4
SHA14537031b414f1ce14182076996d72aaf710710be
SHA256d51dfedf88f777136ce1fcbba8c82e11440cf91d1baa278727f708d5c90f1253
SHA512cecc6f7ab9a61db2fdd5c6d1df2b24920f960968ff7318d4fa5da5d20bbdab023a5d8a8f5ca5f19f87d48cb15c4fb373dde0fef724f0b2fca208954894c3780d
-
C:\Users\Admin\AppData\Local\Temp\ms.exeFilesize
424KB
MD5224ee144eb388979711b9c37411418c4
SHA14537031b414f1ce14182076996d72aaf710710be
SHA256d51dfedf88f777136ce1fcbba8c82e11440cf91d1baa278727f708d5c90f1253
SHA512cecc6f7ab9a61db2fdd5c6d1df2b24920f960968ff7318d4fa5da5d20bbdab023a5d8a8f5ca5f19f87d48cb15c4fb373dde0fef724f0b2fca208954894c3780d
-
\Users\Admin\AppData\Local\Temp\ms.exeFilesize
424KB
MD5224ee144eb388979711b9c37411418c4
SHA14537031b414f1ce14182076996d72aaf710710be
SHA256d51dfedf88f777136ce1fcbba8c82e11440cf91d1baa278727f708d5c90f1253
SHA512cecc6f7ab9a61db2fdd5c6d1df2b24920f960968ff7318d4fa5da5d20bbdab023a5d8a8f5ca5f19f87d48cb15c4fb373dde0fef724f0b2fca208954894c3780d
-
memory/1488-60-0x0000000000000000-mapping.dmp
-
memory/1624-61-0x0000000000000000-mapping.dmp
-
memory/1648-56-0x0000000000000000-mapping.dmp
-
memory/1724-54-0x0000000075531000-0x0000000075533000-memory.dmpFilesize
8KB