c55f09a891e4f5a810b755fb45b440da012f858d12751d46308231e5a02429ee

Analysis

max time kernel
79s
max time network
89s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 23:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c55f09a891e4f5a810b755fb45b440da012f858d12751d46308231e5a02429ee.exe
Size

124KB
MD5

a28c569bd67c67f65c33780fbc05f620
SHA1

b71dff23283c19f85588280bb4211437b0c0b466
SHA256

c55f09a891e4f5a810b755fb45b440da012f858d12751d46308231e5a02429ee
SHA512

ed7e2b7e6d009008e841e12b3200511cae0d4fb7635eb505b4d133085af45fd2a2ad0c9c9f7c49c144bb5bb423faa570ccf9c555031bb8433d40f528b13ec66a
SSDEEP

3072:INahqihVU3WpgfEW4MuZHoEWAE5zYUoh:3M6I96lWzT

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\qwhzmlh.dll	c55f09a891e4f5a810b755fb45b440da012f858d12751d46308231e5a02429ee.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	940	c55f09a891e4f5a810b755fb45b440da012f858d12751d46308231e5a02429ee.exe

C:\Users\Admin\AppData\Local\Temp\c55f09a891e4f5a810b755fb45b440da012f858d12751d46308231e5a02429ee.exe
"C:\Users\Admin\AppData\Local\Temp\c55f09a891e4f5a810b755fb45b440da012f858d12751d46308231e5a02429ee.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:940

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:584

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/584-56-0x000007FEFC091000-0x000007FEFC093000-memory.dmp

Filesize
8KB

Download
memory/940-54-0x0000000001000000-0x0000000001020000-memory.dmp

Filesize
128KB

Download
memory/940-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/940-57-0x0000000001000000-0x0000000001020000-memory.dmp

Filesize
128KB

Download