9f80baa4f56db14673a821c9b6e8f074e28a14238cd072e52fcfffdecefdb99e

Analysis

max time kernel
64s
max time network
146s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30/01/2023, 18:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2.exe
Size

840KB
MD5

d87d72a7cace48f42bc028a67c021a2d
SHA1

becc507176180da7aa22fc7206027ab001dc5b78
SHA256

9f80baa4f56db14673a821c9b6e8f074e28a14238cd072e52fcfffdecefdb99e
SHA512

96a1c70dac3454d0ad151d990576b623eae6de2fc0cac57e97624ba97398ad95b302d3d211af9f4b4ec8590cf97be873c4aa13f764a2f4952c105a2cdc14ba4e
SSDEEP

12288:cPnr6n8kPg2nzc7iXd2pz7CqBOR/S7TXyM7CaCxtlgJ8d:cP28ig2Y7iQpyI+ITZCaJ8

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4460	powershell.exe
4460	powershell.exe
4460	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4460	powershell.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 4156	4460	powershell.exe	68
PID 4460 wrote to memory of 4156	4460	powershell.exe	68
PID 4460 wrote to memory of 4156	4460	powershell.exe	68
PID 4156 wrote to memory of 1820	4156	2.exe	69
PID 4156 wrote to memory of 1820	4156	2.exe	69
PID 4156 wrote to memory of 1820	4156	2.exe	69
PID 4460 wrote to memory of 4972	4460	powershell.exe	71
PID 4460 wrote to memory of 4972	4460	powershell.exe	71
PID 4460 wrote to memory of 4972	4460	powershell.exe	71
PID 4972 wrote to memory of 1456	4972	2.exe	72
PID 4972 wrote to memory of 1456	4972	2.exe	72
PID 4972 wrote to memory of 1456	4972	2.exe	72
PID 4460 wrote to memory of 1200	4460	powershell.exe	74
PID 4460 wrote to memory of 1200	4460	powershell.exe	74
PID 4460 wrote to memory of 1200	4460	powershell.exe	74
PID 3088 wrote to memory of 2028	3088	2.exe	75
PID 3088 wrote to memory of 2028	3088	2.exe	75
PID 3088 wrote to memory of 2028	3088	2.exe	75

C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Windows\SysWOW64\cmd.exe
  /c del C:\Users\Admin\AppData\Local\Temp\2.exe >> NUL
  2⤵
  PID:2028

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe" .\host.txt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4156
- - C:\Windows\SysWOW64\cmd.exe
    /c del C:\Users\Admin\AppData\Local\Temp\2.exe >> NUL
    3⤵
    PID:1820
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe" .
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4972
- - C:\Windows\SysWOW64\cmd.exe
    /c del C:\Users\Admin\AppData\Local\Temp\2.exe >> NUL
    3⤵
    PID:1456
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe"
  2⤵
  PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\host.txt

Filesize
24B

MD5
726702a1b7f3cbcef637e8a8b1f35b81

SHA1
e835959ab42e7cf75a6b3832fb986da0daa5e3f8

SHA256
63528dd4e1537f3599c35c0c84cb904d10c5b2b4cf9affd12ed0b1341a9d77a0

SHA512
fe03db9f3a21e8c3801289131588f21dc8f43a314c6bd8f025cf20a1c70fc0d83a31ccab3fa210a066f9b776f13191ba8a84d54bf0c3dddaf8597c7116514962

Download Submit
memory/3088-170-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-205-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3088-126-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-127-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-128-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-129-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-130-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-131-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-132-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-133-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-134-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-135-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-119-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-137-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-139-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-140-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-141-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-142-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-144-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-145-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-147-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-148-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-150-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-152-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-153-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-151-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-149-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-146-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-143-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-138-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-154-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-155-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-156-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-157-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-158-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-350-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3088-136-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-125-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-120-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-178-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-180-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-183-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-186-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-187-0x0000000002870000-0x00000000028C4000-memory.dmp

Filesize
336KB

Download
memory/3088-189-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-191-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-121-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-171-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-122-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-123-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-124-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3088-175-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-238-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-227-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-230-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-231-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-232-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-233-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-234-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-235-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-236-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-237-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-229-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-240-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-241-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-239-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4156-279-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4156-228-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4460-221-0x000002802E450000-0x000002802E46E000-memory.dmp

Filesize
120KB

Download
memory/4460-164-0x000002802C1B0000-0x000002802C1D2000-memory.dmp

Filesize
136KB

Download
memory/4460-206-0x000002802E960000-0x000002802E9D6000-memory.dmp

Filesize
472KB

Download
memory/4460-194-0x000002802C230000-0x000002802C26C000-memory.dmp

Filesize
240KB

Download
memory/4972-338-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4972-335-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download