e7bf6176eb0f048d92c32f88265fb268e1fcb95c010b8ac561a830b20be0b756

Analysis

max time kernel
150s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2023 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
Size

2.1MB
MD5

fbb17233217f4c478c9ce3907e8dfef2
SHA1

365df15b6950f5f1749cec380ed5bba8c6c227db
SHA256

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee
SHA512

c5c0d10e38b8e0f8615e2bc024ce862943c71a6ccfa839d64bdf2aafc6b950d7b22e7c4fbe1e55baf97c806b05a278da78d4ebb1fd9d14566bbf05dd92ca13a4
SSDEEP

24576:B/qEChjzz3F8mvKhx68xjf73b3KteFUp9HHJOApt5Xkoe/T31XQn:IECBzzGmMb6IS9JRHXkoeLlgn

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 5 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	60.205.157.48
Destination IP	60.205.157.48
Destination IP	60.205.157.48
Destination IP	60.205.157.48
Destination IP	60.205.157.48

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

pid	process
3692	79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
3692	79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

description	pid	process
Token: SeDebugPrivilege	3692	79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
Token: SeDebugPrivilege	3692	79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe

C:\Users\Admin\AppData\Local\Temp\79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
"C:\Users\Admin\AppData\Local\Temp\79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3692-133-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-136-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-140-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-138-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-142-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-144-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-146-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-148-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-150-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-152-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-154-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-156-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-158-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-160-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-162-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-164-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-166-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-168-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-170-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-172-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-174-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-176-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-178-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-180-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-182-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-184-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-186-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-188-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-190-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-192-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-194-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download
memory/3692-196-0x00000200D99A0000-0x00000200D99E2000-memory.dmp

Filesize
264KB

Download