92428e406ff82aef4912f0d84752053ce69e2303769a9e1cdccb804c6998a945

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2023, 01:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9d611670d5a5aa621e0e5f07e07b4ae0065a6a0e2aa7d4b370cd65fc03d1b36b.exe
Size

3.4MB
MD5

6b1ba532bbd0e06814e70daae3438804
SHA1

922fd9d05a2ca57dd499b737c0e5f669e44f7b11
SHA256

9d611670d5a5aa621e0e5f07e07b4ae0065a6a0e2aa7d4b370cd65fc03d1b36b
SHA512

078dafec7b703b2fe66fe75f3a3ab7aea50f84f203113e219d14ff6bc1db5d7507dc7567705287e771b06c469a58c52d5bc303f1b6f0ac420889148926393c3e
SSDEEP

98304:9r1eGnF1ZNUdyNH0RnzTHx0XkSFNWfGbb8YS:9rUGn3YdcH0FvHWkyNkgAR

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1336	powershell.exe
1336	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1336	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 1336	4812	9d611670d5a5aa621e0e5f07e07b4ae0065a6a0e2aa7d4b370cd65fc03d1b36b.exe	91
PID 4812 wrote to memory of 1336	4812	9d611670d5a5aa621e0e5f07e07b4ae0065a6a0e2aa7d4b370cd65fc03d1b36b.exe	91
PID 4812 wrote to memory of 1336	4812	9d611670d5a5aa621e0e5f07e07b4ae0065a6a0e2aa7d4b370cd65fc03d1b36b.exe	91

C:\Users\Admin\AppData\Local\Temp\9d611670d5a5aa621e0e5f07e07b4ae0065a6a0e2aa7d4b370cd65fc03d1b36b.exe
"C:\Users\Admin\AppData\Local\Temp\9d611670d5a5aa621e0e5f07e07b4ae0065a6a0e2aa7d4b370cd65fc03d1b36b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExtension "exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oolxpdoi.5m3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1336-162-0x00000000065D0000-0x00000000065EE000-memory.dmp

Filesize
120KB

Download
memory/1336-164-0x0000000002C50000-0x0000000002C60000-memory.dmp

Filesize
64KB

Download
memory/1336-185-0x0000000007BF0000-0x0000000007BF8000-memory.dmp

Filesize
32KB

Download
memory/1336-146-0x0000000004FC0000-0x0000000004FF6000-memory.dmp

Filesize
216KB

Download
memory/1336-147-0x0000000005630000-0x0000000005C58000-memory.dmp

Filesize
6.2MB

Download
memory/1336-148-0x0000000002C50000-0x0000000002C60000-memory.dmp

Filesize
64KB

Download
memory/1336-184-0x0000000007C00000-0x0000000007C1A000-memory.dmp

Filesize
104KB

Download
memory/1336-150-0x0000000005CD0000-0x0000000005CF2000-memory.dmp

Filesize
136KB

Download
memory/1336-151-0x0000000005E70000-0x0000000005ED6000-memory.dmp

Filesize
408KB

Download
memory/1336-152-0x0000000005EE0000-0x0000000005F46000-memory.dmp

Filesize
408KB

Download
memory/1336-183-0x0000000007B00000-0x0000000007B0E000-memory.dmp

Filesize
56KB

Download
memory/1336-149-0x0000000002C50000-0x0000000002C60000-memory.dmp

Filesize
64KB

Download
memory/1336-177-0x0000000007F10000-0x000000000858A000-memory.dmp

Filesize
6.5MB

Download
memory/1336-165-0x0000000006BA0000-0x0000000006BD2000-memory.dmp

Filesize
200KB

Download
memory/1336-166-0x00000000700A0000-0x00000000700EC000-memory.dmp

Filesize
304KB

Download
memory/1336-176-0x0000000006B60000-0x0000000006B7E000-memory.dmp

Filesize
120KB

Download
memory/1336-182-0x0000000007B40000-0x0000000007BD6000-memory.dmp

Filesize
600KB

Download
memory/1336-178-0x00000000078D0000-0x00000000078EA000-memory.dmp

Filesize
104KB

Download
memory/1336-179-0x000000007F2D0000-0x000000007F2E0000-memory.dmp

Filesize
64KB

Download
memory/1336-180-0x0000000007950000-0x000000000795A000-memory.dmp

Filesize
40KB

Download
memory/4812-136-0x0000000002380000-0x00000000023FD000-memory.dmp

Filesize
500KB

Download
memory/4812-137-0x0000000002380000-0x00000000023FD000-memory.dmp

Filesize
500KB

Download
memory/4812-133-0x0000000000400000-0x000000000076B000-memory.dmp

Filesize
3.4MB

Download
memory/4812-140-0x0000000010000000-0x0000000010C80000-memory.dmp

Filesize
12.5MB

Download