7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe
Size

1.3MB
MD5

fd5a5a8125a82507ad066a3dc9684f4b
SHA1

fab1b816f4837417f68f6f4c5ae299875378ba9f
SHA256

7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1
SHA512

7720fe811b00c878af61eb42a9ab0ca19c5862b33afa134e3cda5171e6675cbe74bede7b51cec0f32fa7e92800570c538fc3ba980ffb1c871ac3f80bfebeb9da
SSDEEP

24576:j4HXD3/WBfxnUIGSWY/iNfQ27baD+gN9vR30a/0xfUHPL9kAQ:jkXDWBJHpP6Nj6D+o9vR30K+IQ

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

Processes:

cmd.exe

description ioc process

File created C:\Windows\SysWOW64\administratortestpermissions10041 cmd.exe

description	ioc	process
File created	C:\Windows\SysWOW64\administratortestpermissions10041	cmd.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe

pid	process
4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe
4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe
4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe
4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe
4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe

description	pid	process	target process
PID 4320 wrote to memory of 2244	4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe	cmd.exe
PID 4320 wrote to memory of 2244	4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe	cmd.exe
PID 4320 wrote to memory of 2244	4320	7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe
"C:\Users\Admin\AppData\Local\Temp\7d01b035d0ced7dd20354bea8e316109ab52147a716663a5c561d723beacfec1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4320

C:\Windows\SysWOW64\cmd.exe
cmd /c echo t>C:\Windows\system32\administratortestpermissions10041
2⤵
- Drops file in System32 directory
PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\administratortestpermissions10041
Filesize
3B

MD5
5696feb53a6ad364e3da313d7bb865c2

SHA1
43ac804404d56225c9e0e44018b43c0e46b4be53

SHA256
9e8b03ea3b48312f8e3a15bec7aa85c96a362e2776ac6bc3dfd74a40022bcc8a

SHA512
e4771bcec6bb86578ddb042a126683675e3cca83614f22bf44721b7cfddaa067ed162e692650e48a474d50e3de4728a6bfe4083500580998152cd2b4918b8516

Download Submit
memory/4320-145-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-136-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-147-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-137-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-138-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-139-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-134-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-143-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-148-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-133-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-157-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-135-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-144-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-149-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-150-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-151-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-152-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-153-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-154-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-155-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-156-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/4320-146-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download