64308fac848903287d75564a28c45535d5e427e746fb81f69c9145a7cad1b221

Resubmissions

14/12/2023, 13:26

231214-qpmrxsfdb3 3

14/12/2023, 13:25

14/12/2023, 13:24

28/06/2023, 23:12

28/06/2023, 23:12

28/06/2023, 23:11

Analysis

max time kernel
140s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

massreport-sillyboykissersnow.exe
Size

42KB
MD5

ad95da4f3c05ad9fcace4df31143b4d5
SHA1

1d06366cbe4bf3d196043a708e4cbfe2daa40d6e
SHA256

64308fac848903287d75564a28c45535d5e427e746fb81f69c9145a7cad1b221
SHA512

7a8b8d123af639241058db060effbd6aa67066c91557dc537f18623c1e46d12c63b1d40fce8981ece5b7747c1bd7f3d4a2f1e59b9f830053873130ddda1df703
SSDEEP

384:0wB3Urd0xxvXAE9c3vtFwhmNCO6jLX92vAMROHtXy6ov44vu/XiGHZelEm66q5OW:CdsUlBNl1xsNS/RG5elVhq8k8nG7sR1

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3456	WMIC.exe
Token: SeSecurityPrivilege	3456	WMIC.exe
Token: SeTakeOwnershipPrivilege	3456	WMIC.exe
Token: SeLoadDriverPrivilege	3456	WMIC.exe
Token: SeSystemProfilePrivilege	3456	WMIC.exe
Token: SeSystemtimePrivilege	3456	WMIC.exe
Token: SeProfSingleProcessPrivilege	3456	WMIC.exe
Token: SeIncBasePriorityPrivilege	3456	WMIC.exe
Token: SeCreatePagefilePrivilege	3456	WMIC.exe
Token: SeBackupPrivilege	3456	WMIC.exe
Token: SeRestorePrivilege	3456	WMIC.exe
Token: SeShutdownPrivilege	3456	WMIC.exe
Token: SeDebugPrivilege	3456	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3456	WMIC.exe
Token: SeRemoteShutdownPrivilege	3456	WMIC.exe
Token: SeUndockPrivilege	3456	WMIC.exe
Token: SeManageVolumePrivilege	3456	WMIC.exe
Token: 33	3456	WMIC.exe
Token: 34	3456	WMIC.exe
Token: 35	3456	WMIC.exe
Token: 36	3456	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3456	WMIC.exe
Token: SeSecurityPrivilege	3456	WMIC.exe
Token: SeTakeOwnershipPrivilege	3456	WMIC.exe
Token: SeLoadDriverPrivilege	3456	WMIC.exe
Token: SeSystemProfilePrivilege	3456	WMIC.exe
Token: SeSystemtimePrivilege	3456	WMIC.exe
Token: SeProfSingleProcessPrivilege	3456	WMIC.exe
Token: SeIncBasePriorityPrivilege	3456	WMIC.exe
Token: SeCreatePagefilePrivilege	3456	WMIC.exe
Token: SeBackupPrivilege	3456	WMIC.exe
Token: SeRestorePrivilege	3456	WMIC.exe
Token: SeShutdownPrivilege	3456	WMIC.exe
Token: SeDebugPrivilege	3456	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3456	WMIC.exe
Token: SeRemoteShutdownPrivilege	3456	WMIC.exe
Token: SeUndockPrivilege	3456	WMIC.exe
Token: SeManageVolumePrivilege	3456	WMIC.exe
Token: 33	3456	WMIC.exe
Token: 34	3456	WMIC.exe
Token: 35	3456	WMIC.exe
Token: 36	3456	WMIC.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 1980	3304	massreport-sillyboykissersnow.exe	85
PID 3304 wrote to memory of 1980	3304	massreport-sillyboykissersnow.exe	85
PID 3304 wrote to memory of 4120	3304	massreport-sillyboykissersnow.exe	86
PID 3304 wrote to memory of 4120	3304	massreport-sillyboykissersnow.exe	86
PID 4120 wrote to memory of 3456	4120	cmd.exe	87
PID 4120 wrote to memory of 3456	4120	cmd.exe	87
PID 3304 wrote to memory of 1776	3304	massreport-sillyboykissersnow.exe	88
PID 3304 wrote to memory of 1776	3304	massreport-sillyboykissersnow.exe	88
PID 3304 wrote to memory of 2128	3304	massreport-sillyboykissersnow.exe	89
PID 3304 wrote to memory of 2128	3304	massreport-sillyboykissersnow.exe	89
PID 3304 wrote to memory of 228	3304	massreport-sillyboykissersnow.exe	90
PID 3304 wrote to memory of 228	3304	massreport-sillyboykissersnow.exe	90
PID 3304 wrote to memory of 1072	3304	massreport-sillyboykissersnow.exe	91
PID 3304 wrote to memory of 1072	3304	massreport-sillyboykissersnow.exe	91
PID 3304 wrote to memory of 456	3304	massreport-sillyboykissersnow.exe	92
PID 3304 wrote to memory of 456	3304	massreport-sillyboykissersnow.exe	92

C:\Users\Admin\AppData\Local\Temp\massreport-sillyboykissersnow.exe
"C:\Users\Admin\AppData\Local\Temp\massreport-sillyboykissersnow.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c title 98E9FMX
  2⤵
  PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic path win32_computersystemproduct get uuid
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic path win32_computersystemproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c title 98E9FMX
  2⤵
  PID:2128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c title getbannednoob
  2⤵
  PID:228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color b
  2⤵
  PID:1072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:456

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads