35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07

Analysis

max time kernel
150s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2023 19:10

Target

35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
Size

2.2MB
MD5

4f9f6ae17f803c184847337451fa1ca9
SHA1

3b051fa1afa3d98d7abecab816d0bac9e51be0aa
SHA256

35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07
SHA512

b98d78494f82307f187fdfbccc875fc8ce4bf6bec1d678ad18f4aeae79dddd402690b5b2c2d5accf1393f018cbca7f264cbd3fd3bce4fc349b27145f6ec052ae
SSDEEP

49152:XeE2JNiuIdtb7mqxw1P3UbtibDk8eO1q+UTJHwnS891AeE7:XN4NiuwORUbtAeO1qP98j9H

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe

pid process

4712 35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe

description pid process

Token: SeDebugPrivilege 4712 35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe

description	pid	process
Token: SeDebugPrivilege	4712	35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe

pid	process
4712	35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
4712	35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
4712	35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
4712	35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
4712	35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
4712	35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\God.dll

Filesize
6KB

MD5
d7a9b68b82f181f086db867c9cbf79a2

SHA1
8ab3bd43e1b5e2b9865be460b8ce7ed68311df05

SHA256
38ac81b23cbd826f6a7ae115366565c00cabf3433bf1956dfc1154150f251cd0

SHA512
f49ebdedb6329ebfd5120df7466a41164603750d4803de1a01f13c66e33d870d79ea92c8580eba821ea14c577aa9650b03ea321853b3ed9d281b39491e6b4cc7

Download Submit
memory/4712-133-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-134-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-135-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-136-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-143-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-145-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-147-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-154-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download
memory/4712-157-0x0000000000820000-0x0000000000E82000-memory.dmp

Filesize
6.4MB

Download