0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

Analysis

max time kernel
151s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
Size

205KB
MD5

82d7a8cb3b0405df65982389c827e5f7
SHA1

67b72750aa7b0172d6e529613442bbb1f9097175
SHA256

0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e
SHA512

761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91
SSDEEP

6144:XWEM/b1DOxiVHpzpyvw7kRriSMSPLUKIRhC3T:X7M16EHyvwyriSrLxwhCD

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
976	msnmanegers.exe
1752	msnmanegers.exe
852	msnmanegers.exe
384	msnmanegers.exe
1508	msnmanegers.exe

Loads dropped DLL 10 IoCs

pid	Process
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
976	msnmanegers.exe
976	msnmanegers.exe
1752	msnmanegers.exe
1752	msnmanegers.exe
852	msnmanegers.exe
852	msnmanegers.exe
384	msnmanegers.exe
384	msnmanegers.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msnmanegers.exe	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
File opened for modification	C:\Windows\SysWOW64\msnmanegers.exe	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
File created	C:\Windows\SysWOW64\msnmanegers.exe	msnmanegers.exe
File created	C:\Windows\SysWOW64\msnmanegers.exe	msnmanegers.exe
File created	C:\Windows\SysWOW64\msnmanegers.exe	msnmanegers.exe
File created	C:\Windows\SysWOW64\msnmanegers.exe	msnmanegers.exe
File created	C:\Windows\SysWOW64\msnmanegers.exe	msnmanegers.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
976	msnmanegers.exe
976	msnmanegers.exe
976	msnmanegers.exe
976	msnmanegers.exe
976	msnmanegers.exe
976	msnmanegers.exe
1752	msnmanegers.exe
1752	msnmanegers.exe
1752	msnmanegers.exe
1752	msnmanegers.exe
1752	msnmanegers.exe
1752	msnmanegers.exe
1752	msnmanegers.exe
852	msnmanegers.exe
852	msnmanegers.exe
852	msnmanegers.exe
852	msnmanegers.exe
852	msnmanegers.exe
852	msnmanegers.exe
384	msnmanegers.exe
384	msnmanegers.exe
384	msnmanegers.exe
384	msnmanegers.exe
384	msnmanegers.exe
384	msnmanegers.exe
384	msnmanegers.exe
1508	msnmanegers.exe
1508	msnmanegers.exe
1508	msnmanegers.exe
1508	msnmanegers.exe
1508	msnmanegers.exe
1508	msnmanegers.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
Token: SeDebugPrivilege	1752	msnmanegers.exe
Token: SeDebugPrivilege	384	msnmanegers.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 976	1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe	28
PID 1812 wrote to memory of 976	1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe	28
PID 1812 wrote to memory of 976	1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe	28
PID 1812 wrote to memory of 976	1812	0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe	28
PID 976 wrote to memory of 1752	976	msnmanegers.exe	29
PID 976 wrote to memory of 1752	976	msnmanegers.exe	29
PID 976 wrote to memory of 1752	976	msnmanegers.exe	29
PID 976 wrote to memory of 1752	976	msnmanegers.exe	29
PID 1752 wrote to memory of 852	1752	msnmanegers.exe	30
PID 1752 wrote to memory of 852	1752	msnmanegers.exe	30
PID 1752 wrote to memory of 852	1752	msnmanegers.exe	30
PID 1752 wrote to memory of 852	1752	msnmanegers.exe	30
PID 852 wrote to memory of 384	852	msnmanegers.exe	31
PID 852 wrote to memory of 384	852	msnmanegers.exe	31
PID 852 wrote to memory of 384	852	msnmanegers.exe	31
PID 852 wrote to memory of 384	852	msnmanegers.exe	31
PID 384 wrote to memory of 1508	384	msnmanegers.exe	32
PID 384 wrote to memory of 1508	384	msnmanegers.exe	32
PID 384 wrote to memory of 1508	384	msnmanegers.exe	32
PID 384 wrote to memory of 1508	384	msnmanegers.exe	32

C:\Users\Admin\AppData\Local\Temp\0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
"C:\Users\Admin\AppData\Local\Temp\0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Windows\SysWOW64\msnmanegers.exe
  C:\Windows\system32\msnmanegers.exe -bai C:\Users\Admin\AppData\Local\Temp\0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:976
- - C:\Windows\SysWOW64\msnmanegers.exe
    C:\Windows\system32\msnmanegers.exe -bai C:\Windows\SysWOW64\msnmanegers.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1752
  - - C:\Windows\SysWOW64\msnmanegers.exe
      C:\Windows\system32\msnmanegers.exe -bai C:\Windows\SysWOW64\msnmanegers.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:852
    - - C:\Windows\SysWOW64\msnmanegers.exe
        
        C:\Windows\system32\msnmanegers.exe -bai C:\Windows\SysWOW64\msnmanegers.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:384
      - C:\Windows\SysWOW64\msnmanegers.exe
        
        C:\Windows\system32\msnmanegers.exe -bai C:\Windows\SysWOW64\msnmanegers.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
C:\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
C:\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
C:\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
C:\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
C:\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
\Windows\SysWOW64\msnmanegers.exe

Filesize
205KB

MD5
82d7a8cb3b0405df65982389c827e5f7

SHA1
67b72750aa7b0172d6e529613442bbb1f9097175

SHA256
0d6321de644695fdcc204797139b2c71c4ad1c72d63dcfc0acb43758b1e98a9e

SHA512
761ef1cb54dcfed5ec674eae398d4bf20b5cd0925f8401d3079d9a60bc64f3c76c5d1720e138ba0b03016b6f719020d2bba8ccfce7d2eb51980dbffe0dc73b91

Download Submit
memory/384-100-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/384-95-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/384-93-0x0000000003010000-0x0000000003120000-memory.dmp

Filesize
1.1MB

Download
memory/384-92-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/852-83-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/852-84-0x0000000002E50000-0x0000000002F60000-memory.dmp

Filesize
1.1MB

Download
memory/852-91-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/852-86-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/976-73-0x00000000035B0000-0x0000000004593000-memory.dmp

Filesize
15.9MB

Download
memory/976-72-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/976-63-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/976-76-0x00000000035B0000-0x0000000004593000-memory.dmp

Filesize
15.9MB

Download
memory/976-66-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/976-62-0x0000000002D60000-0x0000000002E70000-memory.dmp

Filesize
1.1MB

Download
memory/1508-101-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1508-102-0x0000000002DB0000-0x0000000002EC0000-memory.dmp

Filesize
1.1MB

Download
memory/1752-77-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1752-71-0x0000000002FD0000-0x00000000030E0000-memory.dmp

Filesize
1.1MB

Download
memory/1752-74-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1752-82-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1812-56-0x00000000030F0000-0x0000000003200000-memory.dmp

Filesize
1.1MB

Download
memory/1812-61-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1812-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1812-55-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download