c084e334c31cf636666e63fbff0d155fcb10cb813f21e5c262eb21530c4c1755

Analysis

max time kernel
135s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57d15a6f866ced075bc300b1e2c37165.exe
Size

255KB
MD5

57d15a6f866ced075bc300b1e2c37165
SHA1

145479399c23aabcf01caaa3c9f6356746288e25
SHA256

c084e334c31cf636666e63fbff0d155fcb10cb813f21e5c262eb21530c4c1755
SHA512

28d45792e0f5cf819fc2a362167c2f1ab83cf5256a857f38d904d5ec26095b5c7718d2c8b913296aa809a03ee2a7b43d5e372defb2c9bf67feb3e97a0794e0a9
SSDEEP

1536:VuSmgtPAEzzeUkTVs8QbNFsCqThVaNj0XbK4ka87:VuS9AEzzeUkhs9FshThp07

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3520	57d15a6f866ced075bc300b1e2c37165.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3520	57d15a6f866ced075bc300b1e2c37165.exe

C:\Users\Admin\AppData\Local\Temp\57d15a6f866ced075bc300b1e2c37165.exe
"C:\Users\Admin\AppData\Local\Temp\57d15a6f866ced075bc300b1e2c37165.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3520-133-0x00000129B5AE0000-0x00000129B5B24000-memory.dmp

Filesize
272KB

Download
memory/3520-134-0x00000129CFFE0000-0x00000129CFFF0000-memory.dmp

Filesize
64KB

Download
memory/3520-135-0x00000129D1030000-0x00000129D1052000-memory.dmp

Filesize
136KB

Download
memory/3520-137-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-138-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-140-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-142-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-144-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-146-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-148-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-150-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-152-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-154-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-156-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-158-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-160-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-162-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-164-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-166-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-168-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-170-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-172-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-174-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-176-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-178-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-180-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-182-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-184-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-186-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-188-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-190-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-192-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-194-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-196-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-198-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-200-0x00000129D3250000-0x00000129D3340000-memory.dmp

Filesize
960KB

Download
memory/3520-379-0x00000129CFFE0000-0x00000129CFFF0000-memory.dmp

Filesize
64KB

Download
memory/3520-2456-0x00000129CFFE0000-0x00000129CFFF0000-memory.dmp

Filesize
64KB

Download
memory/3520-2457-0x00000129CFFE0000-0x00000129CFFF0000-memory.dmp

Filesize
64KB

Download
memory/3520-2458-0x00000129CFFE0000-0x00000129CFFF0000-memory.dmp

Filesize
64KB

Download
memory/3520-2459-0x00000129CFFE0000-0x00000129CFFF0000-memory.dmp

Filesize
64KB

Download