Overview

overview

7

Static

static

195cd3ff86...63.exe

windows7-x64

7

195cd3ff86...63.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63.exe

  • Size

    680KB

  • MD5

    293e93dc7cd681edd2e7807c7a3f2aec

  • SHA1

    f11280c14e439d236b0b4fb2ddfc03d3cb49aff4

  • SHA256

    195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63

  • SHA512

    5b4806e414ba8717a08fb0efc47526fbe6b4165a93edd7cc5fa480463f6b1ac654165bf35707f48d2be49ecf30811d06e3e0c7eb97a8d08c3a9d7d2d572aa6dc

  • SSDEEP

    12288:5tuuuuuuK0Jnn/b5TgIQHUbHdZPxa7JsymDm3rDG+Ll8/g:5XJneIFfob3rDGIl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63.exe
    "C:\Users\Admin\AppData\Local\Temp\195cd3ff869bd25e857e5815cd26a3523fc4d9f70841e27726a5ff0c97d6ca63.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1464
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x564
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\bassmod.dll
    Filesize

    36KB

    MD5

    df8dc26a027784a75dde0d64b46ac5ab

    SHA1

    eb925aa1a84321fc2e805ecc347e350b64db0a71

    SHA256

    82309fbfde20354cbd0159ae00d89b3c4bcfbe4324166d5210b815aa0ba77ca9

    SHA512

    218933716d04f9ca7abaab9895fbc3acdb3dd232d1717da7ac5e6b232e18bbe5a65a41c2e1129b04d260dbb2f9dc101420aadbf12cbadfd1bf2ead2773f4e482

    Download Submit

  • memory/1464-54-0x00000000758B1000-0x00000000758B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1464-55-0x0000000074530000-0x0000000074ADB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1464-57-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1464-58-0x0000000000606000-0x0000000000617000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1464-59-0x0000000074530000-0x0000000074ADB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1464-60-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1464-61-0x0000000000606000-0x0000000000617000-memory.dmp

    Filesize

    68KB

    Download