Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
07/07/2023, 18:29
General
-
Target
51660088828d7eexeexeexeex.exe
-
Size
372KB
-
MD5
51660088828d7eb3246bdca921b72183
-
SHA1
46f17a1b539e4eb46be4c878a36f568cd7b93573
-
SHA256
c0967e4840ed300b7aedb3c8ea69d679a10d6ce623b838821329c899e99afc82
-
SHA512
abeb71d24a63d15ca6c587433ff0e1ef33bada47752c4b7b2dbcfcdc7229435c189689915829d434b2b4b8813b224fec6ea5a5ec0119e178049b968edba4bb68
-
SSDEEP
3072:CEGh0oVmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGSl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\51660088828d7eexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\51660088828d7eexeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{570D136F-C198-4b9a-B5F3-BC9EBAC4DB7B}.exeC:\Windows\{570D136F-C198-4b9a-B5F3-BC9EBAC4DB7B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2DDE0AE9-52B5-4216-8D0E-C3C13388FEEC}.exeC:\Windows\{2DDE0AE9-52B5-4216-8D0E-C3C13388FEEC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2DDE0~1.EXE > nul4⤵
-
-
C:\Windows\{D49B358B-47B6-44fc-A9E6-1AFB924241F1}.exeC:\Windows\{D49B358B-47B6-44fc-A9E6-1AFB924241F1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5DD4F359-4C85-450f-817A-0354E28F55A2}.exeC:\Windows\{5DD4F359-4C85-450f-817A-0354E28F55A2}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{941ABE46-0F69-44a7-941D-63D181B5DF65}.exeC:\Windows\{941ABE46-0F69-44a7-941D-63D181B5DF65}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{20647D31-1B57-4964-9FB5-D4992F9F4BA5}.exeC:\Windows\{20647D31-1B57-4964-9FB5-D4992F9F4BA5}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1BFDDDA2-DDC9-420c-9CBF-0014C91BE315}.exeC:\Windows\{1BFDDDA2-DDC9-420c-9CBF-0014C91BE315}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E0760E49-DBF4-4d22-95E1-7206F03E74D0}.exeC:\Windows\{E0760E49-DBF4-4d22-95E1-7206F03E74D0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{30338517-FD18-4efe-93A5-82EC5C184BF1}.exeC:\Windows\{30338517-FD18-4efe-93A5-82EC5C184BF1}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D9A9506E-AA3D-45dd-9A61-6302DEBF8AE8}.exeC:\Windows\{D9A9506E-AA3D-45dd-9A61-6302DEBF8AE8}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0FB47692-EA6C-436a-A713-3697EDE450CB}.exeC:\Windows\{0FB47692-EA6C-436a-A713-3697EDE450CB}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{782C3D2C-9956-4445-A74D-BD790DF4E072}.exeC:\Windows\{782C3D2C-9956-4445-A74D-BD790DF4E072}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0FB47~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9A95~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{30338~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0760~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1BFDD~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20647~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{941AB~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5DD4F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D49B3~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{570D1~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\516600~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5d391beebbb8307febecdd9ac7c3bb4dd
SHA1dc09e9feec6a8b4bfcad8266b56b0a89cbd0e41a
SHA256b4117caf20ac7e77f549873d367e00803088856b378ca1f39c10a9b9e8d49480
SHA5126e08032e4dd766c9f2377ccee3436e0d961a3bc3a46fdc91d0999be73e7123759b9beb3d8b9bd49cfa8fe8f9939adcff40d574c1edbf3cf8921256f1caf8ea14
-
Filesize
372KB
MD5d391beebbb8307febecdd9ac7c3bb4dd
SHA1dc09e9feec6a8b4bfcad8266b56b0a89cbd0e41a
SHA256b4117caf20ac7e77f549873d367e00803088856b378ca1f39c10a9b9e8d49480
SHA5126e08032e4dd766c9f2377ccee3436e0d961a3bc3a46fdc91d0999be73e7123759b9beb3d8b9bd49cfa8fe8f9939adcff40d574c1edbf3cf8921256f1caf8ea14
-
Filesize
372KB
MD54fbab563b065c7ed125f255808e04817
SHA1b8dd55c57360ca0de43d5e253a7641728517a95c
SHA256a02d1dd066814c9ca7163b29b690a6ae1f7a1f8e5c59ad5b352348e8c11f4427
SHA5121a769d86dcbc2122fa6fe57b6bf2f4291960cc8ff0510231698add5d39aa03c6e353f8d252fc467dabd73da82354661f31d43c52b681bb57bc7624e3ddff3ae5
-
Filesize
372KB
MD54fbab563b065c7ed125f255808e04817
SHA1b8dd55c57360ca0de43d5e253a7641728517a95c
SHA256a02d1dd066814c9ca7163b29b690a6ae1f7a1f8e5c59ad5b352348e8c11f4427
SHA5121a769d86dcbc2122fa6fe57b6bf2f4291960cc8ff0510231698add5d39aa03c6e353f8d252fc467dabd73da82354661f31d43c52b681bb57bc7624e3ddff3ae5
-
Filesize
372KB
MD5bda54f8f4cc0147d5fee7cc0b46faa37
SHA175c091f4161e3611cfb0e1159a91155cc6545cc1
SHA256dd03defa1650e209860acb29e504a34a2dc411f018de9a871120d84e362cf8e9
SHA5122b4e0e222f5309b19ec94e2efaba8cacb1abb98640c12a4a50b29ae89c6e14eba62e183f15d6b3ba1a90632245f1e04ccfb577b71b97975d170c5a226be392b9
-
Filesize
372KB
MD5bda54f8f4cc0147d5fee7cc0b46faa37
SHA175c091f4161e3611cfb0e1159a91155cc6545cc1
SHA256dd03defa1650e209860acb29e504a34a2dc411f018de9a871120d84e362cf8e9
SHA5122b4e0e222f5309b19ec94e2efaba8cacb1abb98640c12a4a50b29ae89c6e14eba62e183f15d6b3ba1a90632245f1e04ccfb577b71b97975d170c5a226be392b9
-
Filesize
372KB
MD5067a829b598cb4e9c11e7e6140d574ae
SHA197cf029720240bff5208c4dee427e070fa9f0864
SHA256434a0f432a2fd90717a932a36f0fa34de193a6f0bc34fbb6a30961ba55564569
SHA5128282332f28fa58cc0192d6322e084acf6dede4e4924d5596e2a842b7c455922df7241f57f6f99474546a640e78cc8de89ae2b30e5e2ea0ac75606cb64b1239bc
-
Filesize
372KB
MD5067a829b598cb4e9c11e7e6140d574ae
SHA197cf029720240bff5208c4dee427e070fa9f0864
SHA256434a0f432a2fd90717a932a36f0fa34de193a6f0bc34fbb6a30961ba55564569
SHA5128282332f28fa58cc0192d6322e084acf6dede4e4924d5596e2a842b7c455922df7241f57f6f99474546a640e78cc8de89ae2b30e5e2ea0ac75606cb64b1239bc
-
Filesize
372KB
MD56ddc10489e1b816dd4bde60076cde455
SHA133d85bab3f313535212ff353f551fd37f6db6774
SHA2568e7f2aaa4566051d094252c09cb4013217df4fec9b3d5e1d11be40ca84f45caf
SHA51225e4c1b32362bd860aeb8b7593daf638f3bedca34442a38493b94dbc8b60a49b4654e2dc3d61b9c9395540a17a1eaa7e105e897069f54981cd63a69d6a5f39d2
-
Filesize
372KB
MD56ddc10489e1b816dd4bde60076cde455
SHA133d85bab3f313535212ff353f551fd37f6db6774
SHA2568e7f2aaa4566051d094252c09cb4013217df4fec9b3d5e1d11be40ca84f45caf
SHA51225e4c1b32362bd860aeb8b7593daf638f3bedca34442a38493b94dbc8b60a49b4654e2dc3d61b9c9395540a17a1eaa7e105e897069f54981cd63a69d6a5f39d2
-
Filesize
372KB
MD55efb0cce8a77830ca7b213aefe8170f5
SHA1f2c18967f05030bc242f83760ef0d407473f0481
SHA2560c8c60ef276646dba6c589f62a129422ac99431c1d68f11adbee54fd28c7264e
SHA512001e64bda384424ee804df3b836bfc36807a4bb4e6d00f38accb6d3fc19b55defc75a1a2c05fdbf78d76ed1962bb2b144929dc7da7e55576df9cf03a2bbb3d32
-
Filesize
372KB
MD55efb0cce8a77830ca7b213aefe8170f5
SHA1f2c18967f05030bc242f83760ef0d407473f0481
SHA2560c8c60ef276646dba6c589f62a129422ac99431c1d68f11adbee54fd28c7264e
SHA512001e64bda384424ee804df3b836bfc36807a4bb4e6d00f38accb6d3fc19b55defc75a1a2c05fdbf78d76ed1962bb2b144929dc7da7e55576df9cf03a2bbb3d32
-
Filesize
372KB
MD5862db46541a1005463bbbd62cdb65e1b
SHA1a25b7ab808d6bb353f4103f27cce7208fab1ea79
SHA25627cae6c987b0932df9568ec3249bbdece248d627db8ec028f58aa655c9b01cb3
SHA5125c862c9413cd6022212cf99501a490469ab4b21298510f5a344415acb17cc49260b90cb5fa921ddc5cacfb8b36803aaf0fe6ef32018eab15f6850f6c1be42050
-
Filesize
372KB
MD5862db46541a1005463bbbd62cdb65e1b
SHA1a25b7ab808d6bb353f4103f27cce7208fab1ea79
SHA25627cae6c987b0932df9568ec3249bbdece248d627db8ec028f58aa655c9b01cb3
SHA5125c862c9413cd6022212cf99501a490469ab4b21298510f5a344415acb17cc49260b90cb5fa921ddc5cacfb8b36803aaf0fe6ef32018eab15f6850f6c1be42050
-
Filesize
372KB
MD5519c700c817cf5d085121609474626ef
SHA17d7692e0f6324ae6f53c35fdd1d5bbf3e838b40e
SHA256c0df0389b3fa398508b7ed064c745e38f7b7bfe5d2495e4b0cd9b8e05936e860
SHA5124bedcfd7d146d45c80ab4a684ce819c7e4010079528f26cc0ebe4355ce718bcd9b061f831248a846cac49e8ddd731e1c42cab1f9899e64be8764f8a3626e94f8
-
Filesize
372KB
MD5519c700c817cf5d085121609474626ef
SHA17d7692e0f6324ae6f53c35fdd1d5bbf3e838b40e
SHA256c0df0389b3fa398508b7ed064c745e38f7b7bfe5d2495e4b0cd9b8e05936e860
SHA5124bedcfd7d146d45c80ab4a684ce819c7e4010079528f26cc0ebe4355ce718bcd9b061f831248a846cac49e8ddd731e1c42cab1f9899e64be8764f8a3626e94f8
-
Filesize
372KB
MD5fc33edc855201ddb83da871b7af74834
SHA194582ff285158139a59b27eef580a950213e5a0d
SHA256ae13c757a548debdfe406a113d1a60b20326e006f53f1c7d9341a6a852e86950
SHA512e15b356edff2eb8caf4503ef20e1a196ad90755d3aa4da97744b61dcba90b3362e3553bfe96b711d6a45a44c8d2dd6c332b10241375f6a13601e81983f58123e
-
Filesize
372KB
MD5fc33edc855201ddb83da871b7af74834
SHA194582ff285158139a59b27eef580a950213e5a0d
SHA256ae13c757a548debdfe406a113d1a60b20326e006f53f1c7d9341a6a852e86950
SHA512e15b356edff2eb8caf4503ef20e1a196ad90755d3aa4da97744b61dcba90b3362e3553bfe96b711d6a45a44c8d2dd6c332b10241375f6a13601e81983f58123e
-
Filesize
372KB
MD53d2db9b900e4524039f95c803806d532
SHA10eda013c89683d3294bf72f6bab431d6d0257de1
SHA2562872787c94f2bf7c74a21448cc126dee5c0a7a13ea5105ae9a8ad6f0189a3cf3
SHA512c13b4697f91354c5743851b65e749b9bd77db6fbef40600edbd6edc7c1d914f57399f21cb1c179b8e500fe4c209f9ade818f87a99ad1af08818c633145cdbb91
-
Filesize
372KB
MD53d2db9b900e4524039f95c803806d532
SHA10eda013c89683d3294bf72f6bab431d6d0257de1
SHA2562872787c94f2bf7c74a21448cc126dee5c0a7a13ea5105ae9a8ad6f0189a3cf3
SHA512c13b4697f91354c5743851b65e749b9bd77db6fbef40600edbd6edc7c1d914f57399f21cb1c179b8e500fe4c209f9ade818f87a99ad1af08818c633145cdbb91
-
Filesize
372KB
MD53d2db9b900e4524039f95c803806d532
SHA10eda013c89683d3294bf72f6bab431d6d0257de1
SHA2562872787c94f2bf7c74a21448cc126dee5c0a7a13ea5105ae9a8ad6f0189a3cf3
SHA512c13b4697f91354c5743851b65e749b9bd77db6fbef40600edbd6edc7c1d914f57399f21cb1c179b8e500fe4c209f9ade818f87a99ad1af08818c633145cdbb91
-
Filesize
372KB
MD5a15c923af005ca143b4b21cf14cac073
SHA162502d1a0c2714af8b9e90d6c440bf30abda45ee
SHA256122091a2b2f286d69f96598c3ae282decdecb38f34d4e007e42fc3e4eff7ec74
SHA512d4c36fab31c269980bac7c661b7d231676933460b617387a669cf30f74924d2c48e92507b6eaf896623791830ba5620887fcc17887c315851c3fe66f3236aca8
-
Filesize
372KB
MD5a15c923af005ca143b4b21cf14cac073
SHA162502d1a0c2714af8b9e90d6c440bf30abda45ee
SHA256122091a2b2f286d69f96598c3ae282decdecb38f34d4e007e42fc3e4eff7ec74
SHA512d4c36fab31c269980bac7c661b7d231676933460b617387a669cf30f74924d2c48e92507b6eaf896623791830ba5620887fcc17887c315851c3fe66f3236aca8
-
Filesize
372KB
MD57a41fc95fa45f99462015edb5085539f
SHA1bc21d6a3d46cd0be99b2e7a2a1ae6c07c969d7ce
SHA2568c7c6ee595c44d9038894ac6690f7306b4f032662ab77a59277d59962c8c7e0d
SHA512ffc9e5241a84f22b018a17310cb352c03b0682224cb27afde82ba69b81cfa3fceec97615a8695bb7b6056cf8bd54bc5ea7d244bc333546b996cb5dbf518e82c1
-
Filesize
372KB
MD57a41fc95fa45f99462015edb5085539f
SHA1bc21d6a3d46cd0be99b2e7a2a1ae6c07c969d7ce
SHA2568c7c6ee595c44d9038894ac6690f7306b4f032662ab77a59277d59962c8c7e0d
SHA512ffc9e5241a84f22b018a17310cb352c03b0682224cb27afde82ba69b81cfa3fceec97615a8695bb7b6056cf8bd54bc5ea7d244bc333546b996cb5dbf518e82c1