1d67af849e826e2dd8a2ebf1c1ad54ae517f8d3aca93bd1a610a7c7fa0144960

Analysis

max time kernel
1633s
max time network
1640s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/02/2023, 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Danger/Danger.exe
Size

60.6MB
MD5

5fa0e84b2cc83b5e9907e90501054a42
SHA1

67e8ef65c7021d17e8574eb67d58b01faf127ef1
SHA256

a2999cefe2a54df2561c3072afced1e112e2a0ddb6b5c4908d517a70d96e65f8
SHA512

457490b9e5af5b6d189642409bdcf7d71b534db56d46de6341aa1722bc7965948a0bf84930b67c18dc4c81e4fa95f93968b9c88a426db4abdca20fdeb3c32290
SSDEEP

1572864:Iy45SSDpXGMK4XRg/bfCMj+AetfgSK7aSCU/+PwXyp:Iy49gYRczqgSK7aSC++PwX2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1832	Danger.exe
1832	Danger.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1748	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1748	AUDIODG.EXE
Token: 33	1748	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1748	AUDIODG.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1832	828	Danger.exe	28
PID 828 wrote to memory of 1832	828	Danger.exe	28
PID 828 wrote to memory of 1832	828	Danger.exe	28
PID 892 wrote to memory of 1832	892	Danger.exe	36
PID 892 wrote to memory of 1832	892	Danger.exe	36
PID 892 wrote to memory of 1832	892	Danger.exe	36

C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe
"C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe
  "C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"
  2⤵
  - Loads dropped DLL
  PID:1832

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1748

C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe
"C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe
  "C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"
  2⤵
  - Loads dropped DLL
  PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI8282\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8922\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8282\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8922\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
memory/1112-57-0x000007FEFBDB1000-0x000007FEFBDB3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads