Overview

overview

10

Static

static

5453834568...f1.rar

windows7-x64

3

5453834568...f1.rar

windows10-2004-x64

3

IDM 6.21 B...ch.exe

windows7-x64

7

IDM 6.21 B...ch.exe

windows10-2004-x64

7

IDM 6.21 B...17.exe

windows7-x64

10

IDM 6.21 B...17.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IDM 6.21 Build 17/Patch/1.internet.download.manager.v6-patch.exe

  • Size

    201KB

  • MD5

    26c455a7211b88c0dbea04c33f7bd9aa

  • SHA1

    5f4a63563c33d9569c70cc828b97a852008d2c7f

  • SHA256

    af57d588d5b5ef9ac84b51df745f628e5e4bd998ddd4e4a301074e77fd8c632a

  • SHA512

    ea4a8716f1c6779525be01d2104a24e25c327e5606b3e0aa79dcbac2007c98016d2529f3ef66ced10711a0d96453df26f81f2721aebd2f77d2e580fc16524ebd

  • SSDEEP

    3072:hqT1m55Hm9fxaGOyWLVjXEECCE8DHe7YcDoX:h41qkqEcHeZY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IDM 6.21 Build 17\Patch\1.internet.download.manager.v6-patch.exe
    "C:\Users\Admin\AppData\Local\Temp\IDM 6.21 Build 17\Patch\1.internet.download.manager.v6-patch.exe"
    1⤵
    • Loads dropped DLL
    PID:4940
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4e0 0x324
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bassmod.dll
    Filesize

    9KB

    MD5

    780d14604d49e3c634200c523def8351

    SHA1

    e208ef6f421d2260070a9222f1f918f1de0a8eeb

    SHA256

    844eb66a10b848d3a71a8c63c35f0a01550a46d2ff8503e2ca8947978b03b4d2

    SHA512

    a49c030f11da8f0cdc4205c86bec00653ec2f8899983cad9d7195fd23255439291aaec5a7e128e1a103efd93b8566e86f15af89eba4efebf9debce14a7a5564b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll
    Filesize

    115KB

    MD5

    cd81d44f0a4a4ac1b6147ce47a3fef16

    SHA1

    7f96393f401590f2e52a02eac4aa8237cda8a76d

    SHA256

    8a30160baae13796259accad7e20909db2688b421c5e51aaf79492c620f53552

    SHA512

    142f5f41ab82de04930e2b8c70fb2211d65c3457240eadc57b3aefa9b6a445b9b5b6f132d5578e1342729b724764b9190d36b3e40016a1812caaefc6fdb79582

    Download Submit
  • memory/4940-133-0x0000000074D00000-0x0000000074E0A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4940-135-0x0000000074D00000-0x0000000074E0A000-memory.dmp
    Filesize

    1.0MB

    Download