b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe
Size

623KB
MD5

330cdbcb649ea8c2909bf08f8dbce00a
SHA1

8875900f16ec4517234c33eb40e749bd7540bf41
SHA256

b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525
SHA512

3f2b9e7c3c0bf110d4a11429aafca02d4629b82252b7fb87a4d5297e8ca06f9e60fa99d68efbbb3826fa456b441eb071daacb3359aa4f501fe3d13dfc7fec470
SSDEEP

12288:oMNoNI3YJAQra0cXwxXr7ypm4eSs1k2s5YqK7:oMNoGWVXcXw7KeSsQY9

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1388	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe

Loads dropped DLL 1 IoCs

pid	Process
112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 112 set thread context of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 set thread context of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe
112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe
112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 764	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	27
PID 112 wrote to memory of 764	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	27
PID 112 wrote to memory of 764	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	27
PID 112 wrote to memory of 764	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	27
PID 112 wrote to memory of 276	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	29
PID 112 wrote to memory of 276	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	29
PID 112 wrote to memory of 276	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	29
PID 112 wrote to memory of 276	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	29
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 568	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	31
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32
PID 112 wrote to memory of 1388	112	b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe	32

C:\Users\Admin\AppData\Local\Temp\b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe
"C:\Users\Admin\AppData\Local\Temp\b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\CMD.exe
  "CMD"
  2⤵
  PID:764
- C:\Windows\SysWOW64\CMD.exe
  "CMD"
  2⤵
  PID:276
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\\AppLaunch.exe"
  2⤵
  PID:568
- C:\Users\Admin\AppData\Local\Temp\b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe
  "C:\Users\Admin\AppData\Local\Temp\b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe"
  2⤵
  - Executes dropped EXE
  PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe

Filesize
623KB

MD5
330cdbcb649ea8c2909bf08f8dbce00a

SHA1
8875900f16ec4517234c33eb40e749bd7540bf41

SHA256
b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525

SHA512
3f2b9e7c3c0bf110d4a11429aafca02d4629b82252b7fb87a4d5297e8ca06f9e60fa99d68efbbb3826fa456b441eb071daacb3359aa4f501fe3d13dfc7fec470

Download Submit
\Users\Admin\AppData\Local\Temp\b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525.exe

Filesize
623KB

MD5
330cdbcb649ea8c2909bf08f8dbce00a

SHA1
8875900f16ec4517234c33eb40e749bd7540bf41

SHA256
b70fe2090bfae323f14f6b3d98c6d1be5aa6d6151f05ac380c402d5c22298525

SHA512
3f2b9e7c3c0bf110d4a11429aafca02d4629b82252b7fb87a4d5297e8ca06f9e60fa99d68efbbb3826fa456b441eb071daacb3359aa4f501fe3d13dfc7fec470

Download Submit
memory/112-59-0x0000000074180000-0x000000007472B000-memory.dmp

Filesize
5.7MB

Download
memory/112-56-0x0000000074180000-0x000000007472B000-memory.dmp

Filesize
5.7MB

Download
memory/112-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/112-84-0x0000000074180000-0x000000007472B000-memory.dmp

Filesize
5.7MB

Download
memory/112-55-0x0000000000549000-0x000000000054D000-memory.dmp

Filesize
16KB

Download
memory/568-61-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/568-63-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/568-66-0x00000000001E0000-0x00000000001E004E-memory.dmp

Filesize
78B

Download
memory/568-68-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/568-70-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/568-72-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/568-64-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/568-60-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1388-80-0x00000000000C0000-0x00000000000C004E-memory.dmp

Filesize
78B

Download
memory/1388-86-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1388-87-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download