Analysis
max time kernel
147s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags
arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted
23-02-2023 17:43
Static task
static1
Behavioral task
behavioral1
Sample
f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe
Resource
win10v2004-20230220-en
General
-
Target
f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe
-
Size
239KB
-
MD5
50cc3a3bca96d7096c8118e838d9bc16
-
SHA1
b286b58ed32b6df4ecdb5df86d7d7d177bb7bfaf
-
SHA256
f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee
-
SHA512
85f4926129923d96ba5161a5e920201ed0873ecbdbda671972bcfa12d43767f88ae71638f2105cdec5c7b2f45faee82e9122eee6057369e773fec18c09613ac4
-
SSDEEP
3072:CdNxFQ6nlfxOk0HUF6G3sJrDKLSJ/g+n07fJ1yXNvl/wywaixw/zrvxt780nlkgm:Ym6nlf/yE3sJrGYo+07fJ1U5cwrrD83l
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes:
description                 pid  process
Token: SeShutdownPrivilege  816  f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe  (5 identical rows)
Suspicious use of FindShellTrayWindow 36 IoCs
Processes:
pid  process
816  f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe  (36 identical rows)
Suspicious use of SendNotifyMessage 36 IoCs
Processes:
pid  process
816  f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe  (36 identical rows)
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
pid  process
816  f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe  (2 identical rows)
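The signature blocks above are extracted as one flattened row per IoC, which is awkward to count, diff against another run, or feed into a SIEM. The following Python is an added example, not part of the Tria.ge report, that splits such flattened "Processes:" lines back into records and summarises them. The input strings are constructed from the page's own AdjustPrivilegeToken and SetWindowsHookEx rows; the row layout (`Token: <privilege> <pid> <process>` for token events, `<pid> <process>` otherwise) and the HIGH_VALUE_PRIVS list are assumptions of this example.

```python
"""Parse the flattened 'Processes:' rows of a sandbox signature block.

Added example (not from the report): the input below is constructed from the
page's own AdjustPrivilegeToken and SetWindowsHookEx rows, and the row layout
(`Token: <priv> <pid> <process>` / `<pid> <process>`) is assumed from this page.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SAMPLE = "f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe"

# Constructed copies of the flattened rows as extracted on the page: the
# process name is fused to the column header and a stray " -" ends the line.
ADJUST_PRIV_ROWS = (
    f"{SAMPLE}description pid process "
    + " ".join(f"Token: SeShutdownPrivilege 816 {SAMPLE}" for _ in range(5))
    + " -"
)
HOOK_ROWS = f"{SAMPLE}pid process 816 {SAMPLE} 816 {SAMPLE}"

# A row either carries a token privilege (AdjustPrivilegeToken) or just pid/process.
TOKEN_ROW = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")
PID_ROW = re.compile(r"(\d+)\s+(\S+\.exe)")


@dataclass(frozen=True)
class Event:
    signature: str
    pid: int
    process: str
    token: Optional[str] = None


def parse_signature(name: str, flattened: str) -> list[Event]:
    """Split one flattened 'Processes:' line into one Event per IoC row."""
    body = flattened.rstrip(" -")  # drop the trailing separator left by extraction
    if "description pid process" in body:
        rows = body.partition("description pid process")[2]
        return [Event(name, int(pid), proc, token)
                for token, pid, proc in TOKEN_ROW.findall(rows)]
    rows = body.partition("pid process")[2]
    return [Event(name, int(pid), proc) for pid, proc in PID_ROW.findall(rows)]


def summarize(events: list[Event]) -> dict[tuple, int]:
    """Collapse identical rows: (signature, pid, process, token) -> count."""
    return dict(Counter((e.signature, e.pid, e.process, e.token) for e in events))


def privileges_requested(events: list[Event]) -> set[str]:
    """Privileges the sample enabled on its token."""
    return {e.token for e in events if e.token}


# Assumed watch-list for triage. SeShutdownPrivilege is required by anything that
# calls ExitWindowsEx, so on its own it is a weak signal; SeDebugPrivilege is the
# one that usually precedes cross-process injection or credential access.
HIGH_VALUE_PRIVS = {"SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
                    "SeImpersonatePrivilege", "SeBackupPrivilege", "SeRestorePrivilege"}


def triage(events: list[Event]) -> dict[str, object]:
    """Counts per signature plus whether any watch-listed privilege was enabled."""
    per_sig = Counter(e.signature for e in events)
    privs = privileges_requested(events)
    return {
        "iocs_per_signature": dict(per_sig),
        "pids": sorted({e.pid for e in events}),
        "privileges": sorted(privs),
        "high_value_privilege": bool(privs & HIGH_VALUE_PRIVS),
    }


if __name__ == "__main__":
    evs = (parse_signature("AdjustPrivilegeToken", ADJUST_PRIV_ROWS)
           + parse_signature("SetWindowsHookEx", HOOK_ROWS))
    for key, n in summarize(evs).items():
        print(n, "x", key)
    print(triage(evs))
```

Run against the two constructed lines this yields 5 + 2 events, all from pid 816, with SeShutdownPrivilege as the only privilege enabled and no watch-listed privilege present; the same parser can be pointed at the FindShellTrayWindow and SendNotifyMessage lines, which use the pid/process layout.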
Processes
-
Image: C:\Users\Admin\AppData\Local\Temp\f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Roaming\DontSleep\DontSleep.ini
Filesize
25B
MD5
71bfa4b1b2a2049befa50a86463a014f
SHA1
8ca6218c1f92b40da01501e18786cc2724e4c769
SHA256
a4683279940ca2ea6c25b63f07f41d7e2eab4ac3246ff57c8c771e7c923abd29
SHA512
574ccbc6a9387eed4e74af3e06a5023db1f74e24a8a9f3e9a96bee77483c3e5da257df4ff7976f7e389f51ec9ca89c56b103186fe499f5f3839738cafe657735