f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe
Size

2.1MB
MD5

3a953fff32e8c817593a6a5dfdbc233d
SHA1

616d350bd5ee19630b364822da7cfce711f0cb52
SHA256

f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d
SHA512

60cd2df44f6b9e87304d69e1579cebd5606f69cd5768a5718fd60f53a7e3c111dc0963b2c7e07a1eb6fc45224a172d63b060874dbaaecc9458b7933de5ee36e8
SSDEEP

49152:9I7F1k/0hXab2VZI9S7qbrtLeB36SS47/hDu5u87hx6:QBu2EWq/t05rZy7hx6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe

pid	process
1048	f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe
1048	f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe

description	pid	process
Token: 33	1048	f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe
Token: SeIncBasePriorityPrivilege	1048	f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe

pid process

1048 f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe

C:\Users\Admin\AppData\Local\Temp\f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe
"C:\Users\Admin\AppData\Local\Temp\f4f9cfebc3f1f68895f22793ce8c5564352941b0f59c7a7551cccec34274ca3d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\.#\MBX@418@21220D0.###

Filesize
2KB

MD5
13c24608bf375614475ddebd69698bad

SHA1
e0240a0e6b8b3e52fd6cddabc1b1450c518a9b76

SHA256
ab98473aea7110be7e71da0cb6927f913a4070148c9c60ed1ae3a16536be9255

SHA512
d2a2c5e62a5a9d3d6cfbb19bb24215977686e964f818c8214e9deeb60b839ef5587d78d793795ae3a9e6c5c2b23e29b3d8a3978a81d6fd0562c630d0df9f9a59

Download Submit
\Users\Admin\AppData\Local\.#\MBX@418@2122120.###

Filesize
2KB

MD5
3554f2940b433ed9b76ee932838592fa

SHA1
4d43ac951ffa3e2ed2bb28ea1afef31d71c1fd37

SHA256
39d06724b4329cfbd856c7dcb92983a37fac286dcbd390bcd9cca30e2bf8b28f

SHA512
241c144df642eb8d5af64760988d524f6b4e942d8b38e65be13d281c630349480ec42ed23f832b8e5a8682fd167a42ea95ca9856c4e14c48361536710e3448c8

Download Submit
memory/1048-60-0x000000006CE10000-0x000000006CE49000-memory.dmp

Filesize
228KB

Download
memory/1048-58-0x0000000000020000-0x0000000000026000-memory.dmp

Filesize
24KB

Download
memory/1048-57-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/1048-56-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/1048-54-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/1048-61-0x000000006CE10000-0x000000006CE49000-memory.dmp

Filesize
228KB

Download
memory/1048-55-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/1048-63-0x0000000071AD0000-0x0000000071AF4000-memory.dmp

Filesize
144KB

Download
memory/1048-64-0x0000000071AD0000-0x0000000071AF4000-memory.dmp

Filesize
144KB

Download
memory/1048-65-0x000000006CE10000-0x000000006CE49000-memory.dmp

Filesize
228KB

Download
memory/1048-66-0x0000000071AD0000-0x0000000071AF4000-memory.dmp

Filesize
144KB

Download
memory/1048-67-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download