Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
05/07/2023, 16:59
General
-
Target
12dd161b41121cexeexeexeex.exe
-
Size
192KB
-
MD5
12dd161b41121c609c66982c71803660
-
SHA1
4e19aaea34258c7d08b1699558a2f6ae6d00b923
-
SHA256
7fcf0ff8696a53975d5a5fba95ca377183ef5e693907fabac84c72d12146d29a
-
SHA512
d9cf01d21e95d40a29bf9416a692f0e6c04c0c2c6578b331321dae909f5aa1141cda7ca43df697aaee69ea235ab83920cfb60dcb9eb7d89cdb259ef2b6e0b261
-
SSDEEP
1536:1EGh0ocl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0ocl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12dd161b41121cexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\12dd161b41121cexeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F9B271D9-EF73-4ba3-AC7A-A334542FD396}.exeC:\Windows\{F9B271D9-EF73-4ba3-AC7A-A334542FD396}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DF469B65-1C65-4ffd-809F-73DB9D17D297}.exeC:\Windows\{DF469B65-1C65-4ffd-809F-73DB9D17D297}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{38AB4010-9F07-444c-AA7F-9F57FEAC97D4}.exeC:\Windows\{38AB4010-9F07-444c-AA7F-9F57FEAC97D4}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{80C14393-9E5B-4ce0-9D4E-5520BA820737}.exeC:\Windows\{80C14393-9E5B-4ce0-9D4E-5520BA820737}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F84DE55C-F8CC-4cf6-90B3-F60081987993}.exeC:\Windows\{F84DE55C-F8CC-4cf6-90B3-F60081987993}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6EF77DA6-5307-4884-B91C-8CC3E48F6BDE}.exeC:\Windows\{6EF77DA6-5307-4884-B91C-8CC3E48F6BDE}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{457F3132-D19E-461a-9E73-97F0AF7A1985}.exeC:\Windows\{457F3132-D19E-461a-9E73-97F0AF7A1985}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{25E1B1B3-A895-4df7-989D-A83E42E405F7}.exeC:\Windows\{25E1B1B3-A895-4df7-989D-A83E42E405F7}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{45460722-7977-4084-BFF9-A371B1DDDF25}.exeC:\Windows\{45460722-7977-4084-BFF9-A371B1DDDF25}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C4EAF4F2-D53C-48e8-B7D4-634606273AFB}.exeC:\Windows\{C4EAF4F2-D53C-48e8-B7D4-634606273AFB}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{71DE35D1-D930-4eda-9193-5F1177563CDF}.exeC:\Windows\{71DE35D1-D930-4eda-9193-5F1177563CDF}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EDE6A05B-4F00-47d5-8E1B-D5070E921F94}.exeC:\Windows\{EDE6A05B-4F00-47d5-8E1B-D5070E921F94}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71DE3~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C4EAF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{45460~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25E1B~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{457F3~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6EF77~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F84DE~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80C14~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38AB4~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DF469~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9B27~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\12DD16~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD5a739480686e8b2f2f05e889c6d443ef7
SHA1fad3ac95b99783440a732ff3ae2d92bf84fd393b
SHA256e4833756e84f62ed055ecc47beddd54c0539ce54c464ff611d536b8128143bd0
SHA512d5c29de9afa790a8f9cc002553fe5c326b14e1dfed3c660e1f08b277a057aaf5a4ea63a4306da6cc3decb04167db16d0dab49749792ec78cfbed2bd39d0024f5
-
Filesize
192KB
MD5a739480686e8b2f2f05e889c6d443ef7
SHA1fad3ac95b99783440a732ff3ae2d92bf84fd393b
SHA256e4833756e84f62ed055ecc47beddd54c0539ce54c464ff611d536b8128143bd0
SHA512d5c29de9afa790a8f9cc002553fe5c326b14e1dfed3c660e1f08b277a057aaf5a4ea63a4306da6cc3decb04167db16d0dab49749792ec78cfbed2bd39d0024f5
-
Filesize
192KB
MD527934ce97f1454626ca59af4fc8595cf
SHA196d6b6e2a3f7fdb11c3943abcb8d2f9ac5adacf3
SHA256045c9af8c519399a245833a13821d97b87004a796a52300888511334cb1c0260
SHA5121a6510067cad8a61bd04f39f8773700f0216ff1ef6caaec3dbeb055567972558b09684db1b37a7ec35d22eff05eee40131d66a8214bc61c8c4eafa775170b649
-
Filesize
192KB
MD527934ce97f1454626ca59af4fc8595cf
SHA196d6b6e2a3f7fdb11c3943abcb8d2f9ac5adacf3
SHA256045c9af8c519399a245833a13821d97b87004a796a52300888511334cb1c0260
SHA5121a6510067cad8a61bd04f39f8773700f0216ff1ef6caaec3dbeb055567972558b09684db1b37a7ec35d22eff05eee40131d66a8214bc61c8c4eafa775170b649
-
Filesize
192KB
MD527934ce97f1454626ca59af4fc8595cf
SHA196d6b6e2a3f7fdb11c3943abcb8d2f9ac5adacf3
SHA256045c9af8c519399a245833a13821d97b87004a796a52300888511334cb1c0260
SHA5121a6510067cad8a61bd04f39f8773700f0216ff1ef6caaec3dbeb055567972558b09684db1b37a7ec35d22eff05eee40131d66a8214bc61c8c4eafa775170b649
-
Filesize
192KB
MD5b946a86383aa4afb0433a7cb40908bf6
SHA1c8413b37a44c19eff0981a19b2c28f52a644c797
SHA256bce39e579decfae481308b2a0e356b791e56a89647301986dbcb1c8e90a5dd77
SHA5128969a14c9b68bcdb3ae43b72466e1f0d80b46f911b234bffa5d3f836e38075f2c365b0b4b8b92c0a579e728357e6b8f9ca1996247de53cce48acfdbc73a8cc18
-
Filesize
192KB
MD5b946a86383aa4afb0433a7cb40908bf6
SHA1c8413b37a44c19eff0981a19b2c28f52a644c797
SHA256bce39e579decfae481308b2a0e356b791e56a89647301986dbcb1c8e90a5dd77
SHA5128969a14c9b68bcdb3ae43b72466e1f0d80b46f911b234bffa5d3f836e38075f2c365b0b4b8b92c0a579e728357e6b8f9ca1996247de53cce48acfdbc73a8cc18
-
Filesize
192KB
MD5676517dee43a00999eb3933ff0642c5d
SHA1cdfbc064ef640ed34165b1c25b4473dd911a11b7
SHA25649caf07b5eef9bf7b71ecff9211962c064e1d934606777bf980b8561ae5b1b78
SHA51202681f3152ed2a017ef75930796a8db16c8a64072ac17b12d5a768269736a0bc5c19149962c5162878eed2266c5039d644207bd01391bf690a9cc8de67815ac6
-
Filesize
192KB
MD5676517dee43a00999eb3933ff0642c5d
SHA1cdfbc064ef640ed34165b1c25b4473dd911a11b7
SHA25649caf07b5eef9bf7b71ecff9211962c064e1d934606777bf980b8561ae5b1b78
SHA51202681f3152ed2a017ef75930796a8db16c8a64072ac17b12d5a768269736a0bc5c19149962c5162878eed2266c5039d644207bd01391bf690a9cc8de67815ac6
-
Filesize
192KB
MD5c38816571800be90d630b51e3361e027
SHA15ba623e4c849d097c9165f7a83b7211ab99f33ea
SHA256c46bcfc91c71d6b3886504a5e490bb4f4746257c0a9a6448594cc410f1dd3c6a
SHA5128109c4ca984b86c14feb524608235d8aabdb8d641a9c4ba4abc0d48fc93d58547e3691b75f524c6369a52b32643dc27faa83ec32160c9d770c13172abaef4a93
-
Filesize
192KB
MD5c38816571800be90d630b51e3361e027
SHA15ba623e4c849d097c9165f7a83b7211ab99f33ea
SHA256c46bcfc91c71d6b3886504a5e490bb4f4746257c0a9a6448594cc410f1dd3c6a
SHA5128109c4ca984b86c14feb524608235d8aabdb8d641a9c4ba4abc0d48fc93d58547e3691b75f524c6369a52b32643dc27faa83ec32160c9d770c13172abaef4a93
-
Filesize
192KB
MD523446ff1a98b106c35601e352d6a55bb
SHA1050b144dab0a7d82f3cf20c92599df0e4172a055
SHA2560b0276710a762434f040c37c511f28bf825ccc79a12bbcd3efa8af3ef0ac6f30
SHA5122e677e25b1f3937a2581de87c9f4eb44ae1812506a3594660b4dded22d954463920d03238a3ae6a8560f502929cdd8253d95df072369c1991ac029b615deac2c
-
Filesize
192KB
MD523446ff1a98b106c35601e352d6a55bb
SHA1050b144dab0a7d82f3cf20c92599df0e4172a055
SHA2560b0276710a762434f040c37c511f28bf825ccc79a12bbcd3efa8af3ef0ac6f30
SHA5122e677e25b1f3937a2581de87c9f4eb44ae1812506a3594660b4dded22d954463920d03238a3ae6a8560f502929cdd8253d95df072369c1991ac029b615deac2c
-
Filesize
192KB
MD5aeb20cdee56b6f8c4f0b4aa70ff8211d
SHA1afc3f16c81c65080020f3b595c4d31c04ee83ea6
SHA256eee55c1a9a816da85a2789383340787f28e558a51835a7fbad04fcec0773a790
SHA51236474792a07f265e30933830f840206e6089192036a52b04ad4145861e952913c62a4f73311d6025d24f5e8441cea53bc949c462ee89bd54b07e075f72d40cfc
-
Filesize
192KB
MD5aeb20cdee56b6f8c4f0b4aa70ff8211d
SHA1afc3f16c81c65080020f3b595c4d31c04ee83ea6
SHA256eee55c1a9a816da85a2789383340787f28e558a51835a7fbad04fcec0773a790
SHA51236474792a07f265e30933830f840206e6089192036a52b04ad4145861e952913c62a4f73311d6025d24f5e8441cea53bc949c462ee89bd54b07e075f72d40cfc
-
Filesize
192KB
MD5f93bffaeaf2f1c67b79b8c4d8c209989
SHA13a534e2b27cb94b41d50ee0e5a952fdcc01e835a
SHA2568fa1243dda01fb6e0112acfded67852239f5094d95c5bb5687befa542176f2e8
SHA512ed9942043d7232d44edb62e8bd0bf7afcef3e8bff6bcfd591e5a269e12c0035c2e42d064ca9568c8ce748d9ed159130dc133fa0d346b2e3789b5ecc94dac2db2
-
Filesize
192KB
MD5f93bffaeaf2f1c67b79b8c4d8c209989
SHA13a534e2b27cb94b41d50ee0e5a952fdcc01e835a
SHA2568fa1243dda01fb6e0112acfded67852239f5094d95c5bb5687befa542176f2e8
SHA512ed9942043d7232d44edb62e8bd0bf7afcef3e8bff6bcfd591e5a269e12c0035c2e42d064ca9568c8ce748d9ed159130dc133fa0d346b2e3789b5ecc94dac2db2
-
Filesize
192KB
MD57822bc1ba5f184c75ab21a3c2f225b3c
SHA1788e9e61d22346647b741ace78688bec60534b3a
SHA2562680c72ed2300f780fd4fe1883e7d4ed9ba4cf165178d7584fdb0c094a968c71
SHA512e46efd89dfdadee63be5bc82c124723281d244c3479913bd74c8b3dfe0423fcf1b6e31952dc40bc8743acba5542714a0e8ae16c1c7e9e7323ffe011ce4d7637e
-
Filesize
192KB
MD57822bc1ba5f184c75ab21a3c2f225b3c
SHA1788e9e61d22346647b741ace78688bec60534b3a
SHA2562680c72ed2300f780fd4fe1883e7d4ed9ba4cf165178d7584fdb0c094a968c71
SHA512e46efd89dfdadee63be5bc82c124723281d244c3479913bd74c8b3dfe0423fcf1b6e31952dc40bc8743acba5542714a0e8ae16c1c7e9e7323ffe011ce4d7637e
-
Filesize
192KB
MD51f4f4e51f8fe1ed086a096826d32778f
SHA18fdc1a32a261d57f016b0fc2a77c7124273d2857
SHA2566a6e603d11575b58f1d631d38132825232c77eee7931c45f1ab281c12cade887
SHA512333b43465ccd77197ca2fb3c585d347ff1a003bc350c392db9f2c7e807da9d9231d5c8609b62723d675f84f361406f565cf630056ace2275bd1e992f06a99aa2
-
Filesize
192KB
MD51f4f4e51f8fe1ed086a096826d32778f
SHA18fdc1a32a261d57f016b0fc2a77c7124273d2857
SHA2566a6e603d11575b58f1d631d38132825232c77eee7931c45f1ab281c12cade887
SHA512333b43465ccd77197ca2fb3c585d347ff1a003bc350c392db9f2c7e807da9d9231d5c8609b62723d675f84f361406f565cf630056ace2275bd1e992f06a99aa2
-
Filesize
192KB
MD533e9494a139d5ca5065f4a6d57fbcd3b
SHA154ddbea2dc987aa033ea1c3e49009c6003488d2d
SHA256267611ddb4aa36ad96677becb421e12b4ba74f0bc80bb1dd388f1b09e61f01d6
SHA5120245de9f72722380e0b0381318e85ac0b63216fd4261c1fd0ad042aab8c70f7f5215aa2cf0734e932d59ae7ee9174ecea1cd3824abb721179014d60c19c03b30
-
Filesize
192KB
MD533e9494a139d5ca5065f4a6d57fbcd3b
SHA154ddbea2dc987aa033ea1c3e49009c6003488d2d
SHA256267611ddb4aa36ad96677becb421e12b4ba74f0bc80bb1dd388f1b09e61f01d6
SHA5120245de9f72722380e0b0381318e85ac0b63216fd4261c1fd0ad042aab8c70f7f5215aa2cf0734e932d59ae7ee9174ecea1cd3824abb721179014d60c19c03b30
-
Filesize
192KB
MD53911cafa7f4d0a7e58f7bc2bb08af89a
SHA1e156b1a3031f16e899b5a05f959d23c9206d1c99
SHA256dfd549d147e8b79bc107be38041c4f00f4596caef93f9f6e59d04f955417e11c
SHA512ec6bdcb5d65e6b4dbe2686a2aea4df66db78979d65ac6a9cfc77173785e82a395dcc932394b5fe2300297228bb24328dc00c7fe2d10054324c3ed2c981b2a87a
-
Filesize
192KB
MD53911cafa7f4d0a7e58f7bc2bb08af89a
SHA1e156b1a3031f16e899b5a05f959d23c9206d1c99
SHA256dfd549d147e8b79bc107be38041c4f00f4596caef93f9f6e59d04f955417e11c
SHA512ec6bdcb5d65e6b4dbe2686a2aea4df66db78979d65ac6a9cfc77173785e82a395dcc932394b5fe2300297228bb24328dc00c7fe2d10054324c3ed2c981b2a87a