Overview

overview

7

Static

static

1

Webbito_Cosmetics.zip

windows10-2004-x64

7

Webbito Cosmetics.exe

windows10-2004-x64

7

WebbitoCosmetics.dll

windows10-2004-x64

1

Resubmissions

31/03/2023, 23:16

230331-2873raff4v 7

31/03/2023, 22:56

230331-2w382aeb62 7

31/03/2023, 22:46

230331-2p4afsea93 7

31/03/2023, 22:44

230331-2n7w9aea79 7

Analysis

  • max time kernel
    251s
  • max time network
    255s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/03/2023, 23:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Webbito Cosmetics.exe

  • Size

    23.2MB

  • MD5

    ac74ba0e49bc1c25342bc91ba0b87a15

  • SHA1

    ac9bdc2b01fcd0c2466bb2740299e6aaa7f9831d

  • SHA256

    ef622e9c5899c746f30ff14ded168a3da6fa5f6ec3d403312720bb6b301afd43

  • SHA512

    8c0e119cd767a16606902ff0d4f6ae387c40a07f8ae78fd3b4b4c0aa0c902f9d5cb83fc7acd997b05ddeebc7e60e957e98fd825396711c9d9990f3879d8f91ca

  • SSDEEP

    393216:yUUUUUUUUGUUEQYG9IGJIGqpb/AxiVvpnY6/0e9KUkC/NtZZBamujIunhnGgx3rW:QlH3F/AEZtY6/yUV/zB3aHVtcLT

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Webbito Cosmetics.exe
    "C:\Users\Admin\AppData\Local\Temp\Webbito Cosmetics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4132

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7b0f2ef2-2286-4b92-82da-d078d8426d48\SiticoneDotNetRT.dll
    Filesize

    94KB

    MD5

    14ff402962ad21b78ae0b4c43cd1f194

    SHA1

    f8a510eb26666e875a5bdd1cadad40602763ad72

    SHA256

    fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

    SHA512

    daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7b0f2ef2-2286-4b92-82da-d078d8426d48\SiticoneDotNetRT.dll
    Filesize

    94KB

    MD5

    14ff402962ad21b78ae0b4c43cd1f194

    SHA1

    f8a510eb26666e875a5bdd1cadad40602763ad72

    SHA256

    fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b

    SHA512

    daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b

    Download Submit

  • memory/4132-133-0x0000000000970000-0x00000000020B6000-memory.dmp

    Filesize

    23.3MB

    Download

  • memory/4132-134-0x0000000007060000-0x00000000075E4000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/4132-135-0x0000000007BA0000-0x0000000008144000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4132-136-0x0000000006DA0000-0x0000000006E32000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4132-137-0x0000000006D50000-0x0000000006D5A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4132-138-0x0000000006F30000-0x0000000006F42000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4132-139-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-147-0x0000000073820000-0x00000000738A9000-memory.dmp

    Filesize

    548KB

    Download

  • memory/4132-149-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-148-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-151-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-153-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-155-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-157-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-159-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-161-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-163-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-165-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-167-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-169-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-171-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-173-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-175-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-177-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-179-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-181-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-183-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-185-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-187-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-189-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-191-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-193-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-195-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-197-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-199-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-201-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-203-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-205-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-207-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-209-0x00000000090E0000-0x0000000009342000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4132-580-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-14629-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-14630-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-14631-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-14632-0x000000000BCE0000-0x000000000BD1C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4132-14633-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-14634-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4132-14635-0x0000000006A20000-0x0000000006A30000-memory.dmp

    Filesize

    64KB

    Download