b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8

Analysis

max time kernel
156s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe
Size

329KB
MD5

415f9f7c54087ade20df068bb2fb20cf
SHA1

cf2df0afe498df08304ef6b11a6dd5e1fa572915
SHA256

b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8
SHA512

48a94af0e0f450bd671cd09a124100c664c1eaafe00b8bac2779b414aeae5d1330cb32841e037b787fdb0c3660546f115198ba8782081a4f22119c8feeb35f84
SSDEEP

6144:oFSJry9l99YeXc6ChVFvfdXpO8swhfLATHCYm+AKthZnysqDnVNRPwoxYrYBei6v:nY9l9Sxb9fd5O8JxL46+AaDysatwoxYV

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3596	b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe
3596	b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3596	b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3596	b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe
3596	b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe

C:\Users\Admin\AppData\Local\Temp\b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe
"C:\Users\Admin\AppData\Local\Temp\b0669f246b4e457e8caa9ebceb29f48222fe699251f98d54ff4e460e527d26e8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dfsBD98.tmp

Filesize
496KB

MD5
101253c625eb493e8370d2620e915146

SHA1
263b79d7e28fbc52223ef817aea7f8b9a060e73c

SHA256
9bab4695daa00369eb8023a872dc1cfbfc25af0ebb2607149e494ef94b332788

SHA512
d1d479545c894c3565df740198a7e31866c0bb563c42a5b040c5670483ee5c18fffcc437643a1a79901bb1c2f255d009f27bae7d944b5e5366b59217db95bb7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dfsBD98.tmp

Filesize
496KB

MD5
101253c625eb493e8370d2620e915146

SHA1
263b79d7e28fbc52223ef817aea7f8b9a060e73c

SHA256
9bab4695daa00369eb8023a872dc1cfbfc25af0ebb2607149e494ef94b332788

SHA512
d1d479545c894c3565df740198a7e31866c0bb563c42a5b040c5670483ee5c18fffcc437643a1a79901bb1c2f255d009f27bae7d944b5e5366b59217db95bb7b

Download Submit
memory/3596-132-0x00000000003E0000-0x00000000004B3000-memory.dmp

Filesize
844KB

Download
memory/3596-135-0x0000000004E40000-0x0000000004EC2000-memory.dmp

Filesize
520KB

Download
memory/3596-136-0x0000000000A70000-0x0000000000A73000-memory.dmp

Filesize
12KB

Download
memory/3596-137-0x00000000058B0000-0x0000000005E54000-memory.dmp

Filesize
5.6MB

Download
memory/3596-138-0x00000000053A0000-0x0000000005432000-memory.dmp

Filesize
584KB

Download
memory/3596-139-0x0000000005540000-0x000000000554A000-memory.dmp

Filesize
40KB

Download
memory/3596-140-0x0000000009530000-0x0000000009596000-memory.dmp

Filesize
408KB

Download
memory/3596-141-0x000000000B700000-0x000000000BEA6000-memory.dmp

Filesize
7.6MB

Download
memory/3596-142-0x0000000000A70000-0x0000000000A73000-memory.dmp

Filesize
12KB

Download
memory/3596-143-0x00000000003E0000-0x00000000004B3000-memory.dmp

Filesize
844KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads