41aa5b071a82803eaa46c4b3970ef07a01826dc4e21a5c3af6a706d641464728

Analysis

max time kernel
41s
max time network
48s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
20/06/2023, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Software (pass 2023).rar
Size

111KB
MD5

c41ca055376a894769b6d553ccb220c7
SHA1

cc831d897493d5d1da219785383b13d8e45e001e
SHA256

41aa5b071a82803eaa46c4b3970ef07a01826dc4e21a5c3af6a706d641464728
SHA512

68ad2f5346e1c97e59b99f8676c68a173a867ce933ea59a78bf73d34db55026866fef8af7a9f1e18f95e8c74e3dea3bc937cce1490c89663f81d8df07a01f805
SSDEEP

3072:aesSD1RS4gTFLa+19EJSMFWe6JcoORRx8d7VkS:a6D15AF9EwMFWea6f8dqS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTcbPrivilege	4332	svchost.exe
Token: SeRestorePrivilege	4332	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4608	OpenWith.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 3868	4332	svchost.exe	69
PID 4332 wrote to memory of 3868	4332	svchost.exe	69

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Software (pass 2023).rar"
1⤵
- Modifies registry class
PID:400

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4608

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Windows\system32\dashost.exe
  dashost.exe {d872a7fd-e67a-403f-89a8e7c119a69567}
  2⤵
  PID:3868

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\AssertSync.shtml

Filesize
213KB

MD5
e5cf78dd20bc527bbfc70f19b0f5fb95

SHA1
d5cbd3e641b3140c3addbebcf2b650eca6d55045

SHA256
56710c604c199ef74fb9d95e5590307f84e7b02ad3961288628f4997d882ee8e

SHA512
102c06e167735b9f759e8a5cfd2bf1176497de5c07a372857856f07952d6d302fabd047bca53e80931b5997c8ca31e62b555789888592fe3ce06ac0681b22690

Download Submit
C:\Users\Admin\Desktop\CheckpointExport.TTS

Filesize
462KB

MD5
dd2c00f86df88c21c793fc7322c7eacc

SHA1
56953d33372bba4183f7041290eb697f2a76f4fb

SHA256
e2849da6af5f7d8a816014303828d0ef751f85bd08b2d6f7df4978825803f338

SHA512
5afc03d392fd89bac381d7593458faa927a8fb69eca3b93923e46a6d4d3ea7af48368c49013cf20a718d4f8237a458a703f726fce44f748fe6d323b3ce66c3f2

Download Submit
C:\Users\Admin\Desktop\CompareSave.jtx

Filesize
551KB

MD5
ecb295a04c1dc126314c8b75356f9b81

SHA1
32a384b4c6dd2f0a17e2121ef17bfe2d26b3fc75

SHA256
341d0c36b2188d7b9df302484cb00e11b8b22ddffc469cea611382cd0b8da9ef

SHA512
88d18d73945c4a465718b250ce691407d5b7813e1f001533bf41284190383b3a93b458200f6565f5d206f0e68ec82f60d9dd71df42ccc6c7856098bffb2a7c62

Download Submit
C:\Users\Admin\Desktop\ConvertFromOptimize.wmv

Filesize
408KB

MD5
34f83c53f9787e46d39cac31c71b5ed3

SHA1
29c45d7b9548da8c28c519d385590b375e85e004

SHA256
f4f95163fe1d52da8e296e35ab189bb7a519be767348f6d65831c7576a9eb685

SHA512
e2d82f6da82a96ecdc51e5895d1dc39dd3b744f0a02d80cbd224e4615366c08202f8fd4b6b0829fb6823cec5e046f1609ed9ae1c0a59038f763c227165bdd1d7

Download Submit
C:\Users\Admin\Desktop\DebugClear.vssm

Filesize
835KB

MD5
6ee745c966e3c7bf57bab9b41feff358

SHA1
9ea09520c1a2c7c36806be14aba702fd44da846a

SHA256
c9f9373d605717985df655e8a0a00c330a70f6dcce4d569f3506084a8f347f1d

SHA512
8bce3f086c910bdac1814cf0b6d703ad23b6e71c66083d34dfbfc8a1b0f008c1339e3fc5f23432d245951639857bb39c94476eb8255bf52005788b9814a52b98

Download Submit
C:\Users\Admin\Desktop\DenySync.rmi

Filesize
479KB

MD5
88140aad5abeb59bbd13ba9cc7e3e136

SHA1
8744e9f12bf7d8555bc73ed54191de77d14c7165

SHA256
138c8bc1d1fe8cbdefdd8fb6b62560d3fdb952b6166e19edbbac07549e9290ae

SHA512
eda2159a138d36755fd985c641a00a0b6b1a4a8cef2f703372e1956d44ec25e568351985cd8486451e9f1f2c2668d5065a4cb03889185449f35abb107794d85f

Download Submit
C:\Users\Admin\Desktop\DisableResize.htm

Filesize
266KB

MD5
2f8e19512c55ec8563a535a07bb7cc4a

SHA1
6a121c5d363d72f45bcbc2e6510b38a8152b0196

SHA256
9f28a7dba1d73d59052d1d7e7c709fd7c73e1da80027e0456e15c4f398b22587

SHA512
16ca913492578e0df58acbbe34b0f4112196f2d0030a689dd1903b3dd63c534d7085aa6dd53a6a317f890d72b830a08c19faeff33fbccde75be84326f22152ce

Download Submit
C:\Users\Admin\Desktop\DismountConfirm.tif

Filesize
302KB

MD5
428a16553cada940dcf7dab694104b15

SHA1
82e0eda2083abd6e6b3e8ef7df550b75a887ef75

SHA256
f19471f9876d12058d7a731e88e6d9d61167986ce8bd1936ac660b54a5c510e3

SHA512
fc3d8bccd91182a7b87769bc1cbc32bba6bdeb02b2f9795ab4153010a150152a0f0d5a3e91bd54f1eecbec6dc02d9f1b6d027c5da62f9bd91a62262c9b07baae

Download Submit
C:\Users\Admin\Desktop\ExportSubmit.xltx

Filesize
355KB

MD5
9c780507a1527d02a0a375c936c3a19b

SHA1
19460db95d345d8bf727c65e62174ba351f5fe5c

SHA256
6b9b667ed82c40fc3b5fdf5d83528ed6dffd6a1729851487f1845e0354642ba8

SHA512
91a56f39cc7966528a37f8be5637b43b8747f113c6067ba0bc254eb2fcba1c800c54d636b64155fc23de51c1dae8cff7122c7b86bba827853923074365a4bf11

Download Submit
C:\Users\Admin\Desktop\FormatInstall.vsd

Filesize
284KB

MD5
92597faf74f9dc7c475eaf29b5d62714

SHA1
80334cc525b81fae2e4418abb7c5221833606111

SHA256
a7fc8e57d509f49beb878ad46d1bf0883bca4c2649acb2e0cff8561a12271f58

SHA512
676dfeb73a5f1d99d4964e79a184fd7b443aaa4d76e02eee35871092df2708e2587d1a19f9938b8db12f7a1c1769455393b2f732d59968c286ec3b8c3cfcc685

Download Submit
C:\Users\Admin\Desktop\GroupSearch.vbs

Filesize
373KB

MD5
4c1f84329c68c1f8c72e5de2d9654678

SHA1
0a340b2111c29ea0f0445a7058c4e6472357c4c9

SHA256
12c0cfc4552b11bf9cbcac2879f9bb3cbdeb8291f520775e6fc775e32a7528de

SHA512
3c8997d1be97627218e1061896205bc34460a50bb849552e8de3e165ea24826e37ea7ed47b60b1373b022ff57b9cc70327e9c17589d762165aea4a59e393d990

Download Submit
C:\Users\Admin\Desktop\ImportConvertTo.asf

Filesize
604KB

MD5
d1909367bfda9e6f472cb4b41a49c746

SHA1
420b23a5f4250239fa3d600299ec3f4151475a8c

SHA256
3d3444173ffe0ad4659f9295a10f54a955e5231697d7bd26f66be0a75dd43cda

SHA512
0b626e3ecb6d91d67ba2f87d34eec6acedda02feb2df9d472a8856d364d5d313f942ab51fd28be75e68c9362b20c98eaf4bfec975660d8abdfab41b6a2d8b5cd

Download Submit
C:\Users\Admin\Desktop\PushResolve.ppsm

Filesize
426KB

MD5
6bd4222b495690306c31f5ac79784122

SHA1
b926fa3bf063284d1bf668908ea17851ec333a74

SHA256
0cc7015f022b44bfca5c6a8b92f79cf22af6dbe68f7ff73c015fe66ca9c9e0f2

SHA512
a0d22f41a891a0272c88ecb7a8d10c3faaceee680b8d3aed1a1b76a670f6583023ebd278baf31e426c79c6f7a998fe505c0f5ef49145c9da1ad68d720b7b5f81

Download Submit
C:\Users\Admin\Desktop\ReceiveLimit.tif

Filesize
515KB

MD5
089c510a43f23a4cedcd8a8a5118993c

SHA1
456868d801106933c618e4d8d7b14988a6fb9a69

SHA256
7c651190802912a661cca3ab93e7ec8db285380a6e4e60941771b802b9d87f4b

SHA512
6d807fd731c9d9ec4b7f37b18892bca405c46a9b6148ea67204c7cad499af3ce5050726e740b951648c76c4b908798aaf658c5d4d155886bdb73209b97905874

Download Submit
C:\Users\Admin\Desktop\RepairRevoke.xps

Filesize
497KB

MD5
006a4316fb5c495906b78c09c1a78054

SHA1
eb03ba51ca6fb17644de16552530b827e079a2c0

SHA256
a39939a9191e51abf51fb800cdde661e094028e75d42b0323c50644630ec2537

SHA512
144043941b5d0ce0e619fb9412234e781b449423e98a724b7eb98600030a20628714e1ff44e071e214b73c3b49e959003a0d749a0554ac9d1fb6d5fb254cd633

Download Submit
C:\Users\Admin\Desktop\SearchRename.otf

Filesize
319KB

MD5
d17025b89e30a8c869f604e097ac87f1

SHA1
8947a6df7dbcf36e15163e5368d2e32e95001b51

SHA256
0a563c5b5ad4817cdee9dba04e4afccfd82632f8d9909ca4b0fd335687a17491

SHA512
98d8f49ecf1e5687331941de2fcae4d08ae8b3df42ece2a0989e09b3023daea297319b7d48d6a4f5cb267a5e00f7df33e3661dcd12b7b95e4e7b2b884960d79a

Download Submit
C:\Users\Admin\Desktop\ShowDisable.php

Filesize
231KB

MD5
35d7d7935ea6a66560fa8cf7bb40de5f

SHA1
9fe9a906ce14fed2fbcd3210c2a384c199d880c6

SHA256
ed0eb8395d6f8afee8913ee0b30e6a54963e28e4f68e9c9756074c6a0c21bcfb

SHA512
25c13385b72ce1d33e0c4730522c32dab0d25eb4d4819fd4134a2ab357559c71a002132c9b5566f977ce40317fe933491e29affa7e4614b289ae34f27a76914a

Download Submit
C:\Users\Admin\Desktop\SkipUnlock.mpeg

Filesize
337KB

MD5
347a783a52937699f8abde7c2aab5559

SHA1
1569e4b6470466907553af9c21a50c5bc55a88b9

SHA256
32fd1f322f101dfdb1eeec75d2231c3a597d3a17cca52829d05f146fee4a513b

SHA512
eabdc4babf73d26f929b446a2b8962c37038d545aa7fc8355f8528ea03d850124a81232e42a072c5be8ea58e98b125b01153a7db6562456347dc82cf3190c7c4

Download Submit
C:\Users\Admin\Desktop\StopStart.odt

Filesize
391KB

MD5
72a0122c93c593db5f41d3b2c1ef9804

SHA1
3b30bfca6826f46d01964ac3819d7aa69111f135

SHA256
909f531926299f5f21b6ed47bc951e0dbd646c78124c36dcb31b7760595e9685

SHA512
0b49caeb55e3903f6d818255852af0c1fae031909ee3bc6133c4b1aa277b71a08706a174b7591890e5c5820d5186efc86821a97eda3f86a54451ff4895623157

Download Submit
C:\Users\Admin\Desktop\UninstallPop.asx

Filesize
444KB

MD5
ffdf47cb437cd63395ce3917c0a3f769

SHA1
dddb6265fb1c83eea6be9eedb198f96448ba912c

SHA256
a25e040b4a6b73efdab22b7fbff99acaa23782554a52ea94513e0dd9dbee3f80

SHA512
f9ebc093f1ebca53f54969a8db610a24667d4e6ea493af6e552198db00689afff8f43e9a750e3b4a48924818bd46541535e5ab910743a505226c12de67abc844

Download Submit
C:\Users\Admin\Desktop\UnlockResize.pcx

Filesize
533KB

MD5
755768cf3e94a1ce24a33d37c7edd871

SHA1
0b67fb051e354b96dfceacf9f33b33aa02467311

SHA256
a403134878365646f0b9a36e8aa5f1e1efd9e81702bda730cc36230b4d4149f6

SHA512
66be6862fec399f5cab2446d42de516426e1ae45ae9958c8b3a1f4d7ae78e4c51575a2466cf7f1c7bdcc88e6b3914afeb52b6bea757c87986f9fae1aaaf6fd85

Download Submit
C:\Users\Admin\Desktop\UseInvoke.vst

Filesize
586KB

MD5
161d5b0304deb1d80f88a69282992806

SHA1
d97690489040b7a3bf4938663539a78dbe34b05e

SHA256
8350f8ea33fb7f1f3586e46459f9d599b07f2cf17e7df6caf652ed8b976f8831

SHA512
b5c80a3451f0659065da04c8437e87d2eb02e3a3a3e267f71a4a8eca032f2162d5fcb3a3f83bf0b422f9e0d6004b539d7e7f5ccb226314b95d7ae2037a59e8f0

Download Submit
C:\Users\Admin\Desktop\WaitInitialize.ADTS

Filesize
568KB

MD5
ce008fcaaefcff89d0483240a3ae395f

SHA1
95bee951bff323e1e74920d827961cddd2b6374d

SHA256
4ee964ba5b2107b27f7b6323dff16dcf733db3144b24a329c00e3ecf169b971e

SHA512
91c54258d1323c987a21a21b134eaa888fc46c6fc25440285b9b940461bf0c29199ae06856b9b717ee6a00e1a646f8b821181af5d639cb2bb2494699faf6165f

Download Submit
C:\Users\Admin\Desktop\WaitUndo.mht

Filesize
248KB

MD5
57d4975cf176f0c3eb4147006eb5ad37

SHA1
b263229d930607855cf1d8ee66c18cd33ad52ebc

SHA256
b10568ee1b9a4d2980adf9ff142f3eb0fc06e9dba54a4e36c86ccc853bf6cf5e

SHA512
9ea40506cbbe7fd6b15260f0e659c174a53c23e31441818fa89b296e69deaff2bf784e2ed8d907bf582169cb80a7c2f918e62a236e37089d2f0bd9134c54f925

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
d618a4aaa98ae1b597136109d8ed51e4

SHA1
68540e6172cebffeeee377f6f050fc24936604b0

SHA256
ecbc306f5c2beafbf05f9ea1ed4022c7ff61cba71d393a31ea474f7e5e716585

SHA512
729eaba0e86167675990755e8298c4fa863a2de2de20ab28e19ff4309ce524cc38ea4d7e75724062eba307364933baabf3cadce4a79745852569a0f69430a758

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
e4c4fb85fd61d8007f08608a1b13c654

SHA1
91c022948bd6386fb3137e8113754dd351d66acf

SHA256
89426fea38e0acab2c91d4c514cd02a49676de3ae9b221d78295d06ed6d75cc1

SHA512
3f6be7f37d7d0f94ce0ac9fed297bfd2aaf5cbe5e35d3a93643ca3920ec2cb4582054ff15f7aae83bba24a7dab20a5154ed7b784c62637bf78bc04f64250d90b

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
6732856a507ac51358ccd45e8768097a

SHA1
2d1921ca0ab04dc347e2f2e5e9782ceb88da643e

SHA256
b933babbd8e5666bf790eb05709b9b6c835b56cbbdc908ef639c2325b96e6824

SHA512
b0f41e4a79c6c91f17412023f8604eeea41d26c20f2edb43e5f48df7483e9274c2351d95dca9ffcb3e316d2a56b5147ef3535e6e43fb7d0416112c7a6b0062f8

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
3f637c011d406d07ff4cbdbb2908ab13

SHA1
b441b547d07c2debee719429bacf9cbc9e939b3e

SHA256
9f595a9df9cc499ed13f9aaec74dc3da4606280d5681ceb31d36a3a256301cac

SHA512
bca51478a65d4a7df1e5a1c553d99a5f607b7d3e1a0975458a0fff2dd10d3ed8a99fb0e2810d3e6f5f5f07e6c305235d5ac829e9ed778ce0af991ca448686e10

Download Submit