Analysis
-
max time kernel
151s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230705-en -
resource tags
-
submitted
09/07/2023, 14:48
General
-
Target
af067a0577994dexeexeexeex.exe
-
Size
408KB
-
MD5
af067a0577994d6f1f282d6cec71c382
-
SHA1
88482045ea454daf9ade8023c2e002c0786cff14
-
SHA256
df35c647aecd640e3051efef55f22997a1ad172a48c0a7d12fbc7aabb9ff7fc5
-
SHA512
862a7b925ed2a57e33a48037d0bb8f82e4d22e1a5f580b9d334e1f71489ce90bb771aabcb72f4cf33432654566d7baef4ff030595d993baf2ee6f00889a3def6
-
SSDEEP
3072:CEGh0owl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGaldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 26 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 13 IoCs
-
Drops file in Windows directory 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\af067a0577994dexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\af067a0577994dexeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EC51F452-4B14-4e72-BBF1-9BA9B5B3D4C4}.exeC:\Windows\{EC51F452-4B14-4e72-BBF1-9BA9B5B3D4C4}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{25500E85-45EF-4372-8623-943929316201}.exeC:\Windows\{25500E85-45EF-4372-8623-943929316201}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6D7FB21D-C17C-472d-9537-52099ABE1C08}.exeC:\Windows\{6D7FB21D-C17C-472d-9537-52099ABE1C08}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4400E6A6-1A6A-4f61-A683-60464378732E}.exeC:\Windows\{4400E6A6-1A6A-4f61-A683-60464378732E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA4EAA6A-8C13-4b0e-90CE-B5EBA054215F}.exeC:\Windows\{CA4EAA6A-8C13-4b0e-90CE-B5EBA054215F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EC004721-7537-47df-BB0F-B59257E49C53}.exeC:\Windows\{EC004721-7537-47df-BB0F-B59257E49C53}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3963C901-A60C-4b9f-843B-8276408CC37D}.exeC:\Windows\{3963C901-A60C-4b9f-843B-8276408CC37D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1DE74FA7-0563-475e-AD56-47C014DA366D}.exeC:\Windows\{1DE74FA7-0563-475e-AD56-47C014DA366D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{085CF33B-851B-4fe7-B616-BAC662398171}.exeC:\Windows\{085CF33B-851B-4fe7-B616-BAC662398171}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{68068789-D4A2-481b-B06C-8466169D8BBB}.exeC:\Windows\{68068789-D4A2-481b-B06C-8466169D8BBB}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9803E7F8-5A36-4a0f-BE10-7B5635EFA933}.exeC:\Windows\{9803E7F8-5A36-4a0f-BE10-7B5635EFA933}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{72753836-27E3-4244-A535-C28E9E5B5821}.exeC:\Windows\{72753836-27E3-4244-A535-C28E9E5B5821}.exe13⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FB35B9EC-5EB0-44c7-81F5-F2AF95E2C000}.exeC:\Windows\{FB35B9EC-5EB0-44c7-81F5-F2AF95E2C000}.exe14⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{72753~1.EXE > nul14⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9803E~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68068~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{085CF~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1DE74~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3963C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EC004~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA4EA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4400E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D7FB~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25500~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EC51F~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\AF067A~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD576f8593489b7821948e645767b568e75
SHA120eb0b0f5dc98b06619f5e3dc4462574d5b9ec33
SHA256194a51568146c4c7722f196be31b195142628b34fdcdb112faf5ecff8d6b6bee
SHA512f2baeb803831fa5f35a36fa61a6b8f07ffc7c9da8a0596c9a597e9917468649365506101e36bac19a8152a14c99f7127ab6509e2250d5d52b70fa1c023945036
-
Filesize
408KB
MD576f8593489b7821948e645767b568e75
SHA120eb0b0f5dc98b06619f5e3dc4462574d5b9ec33
SHA256194a51568146c4c7722f196be31b195142628b34fdcdb112faf5ecff8d6b6bee
SHA512f2baeb803831fa5f35a36fa61a6b8f07ffc7c9da8a0596c9a597e9917468649365506101e36bac19a8152a14c99f7127ab6509e2250d5d52b70fa1c023945036
-
Filesize
408KB
MD5d86e92c03f9f56b0041709ac3180bbe6
SHA14b16d7d18e805aa39be6f98dbb1ee1ec2b44a1ee
SHA256a43c3f6df1628702da9cc5900949441c0f87cf8f080edac687c9a73b6753b6e7
SHA51222ae98e8f4c91816a5d3f783a967f6218a3264d752b203e28001e7689a9b3e36782629c5768c2574228c5f25d71dfe609747b94008fe1b36c93dd28d6aeded25
-
Filesize
408KB
MD5d86e92c03f9f56b0041709ac3180bbe6
SHA14b16d7d18e805aa39be6f98dbb1ee1ec2b44a1ee
SHA256a43c3f6df1628702da9cc5900949441c0f87cf8f080edac687c9a73b6753b6e7
SHA51222ae98e8f4c91816a5d3f783a967f6218a3264d752b203e28001e7689a9b3e36782629c5768c2574228c5f25d71dfe609747b94008fe1b36c93dd28d6aeded25
-
Filesize
408KB
MD5b6342ce9af42bf7fddc8afb5687375e8
SHA15fc06be232996d079d828db84a3ee1b739a4f8df
SHA2561ba897992fe662b0c1d7cc1eda44290a3d1168cbd5c7bca08b2f55dce1a651ce
SHA5129481d488ec690d54d2914ecbab514bfa336e0d73114089308ad9c2ad3febfbc03fdb1a9bc9df6211de28245f380f3d3811138f70c63692f2a8a3fe4c8c443049
-
Filesize
408KB
MD5b6342ce9af42bf7fddc8afb5687375e8
SHA15fc06be232996d079d828db84a3ee1b739a4f8df
SHA2561ba897992fe662b0c1d7cc1eda44290a3d1168cbd5c7bca08b2f55dce1a651ce
SHA5129481d488ec690d54d2914ecbab514bfa336e0d73114089308ad9c2ad3febfbc03fdb1a9bc9df6211de28245f380f3d3811138f70c63692f2a8a3fe4c8c443049
-
Filesize
408KB
MD5926dac02c4b7e9d4d05171954efed8b2
SHA19816add66c409e68ec29a5d26ac9ec4780fe282a
SHA256cf2055bff46f9a40d5e95ee8baf4777fb3e5e51b5ee99d5b5714fe3da5125cdf
SHA5127bd04ad41e3d373ba511c58347e73ed7c51ae0fef4cee34c61d45e0e81f1ab3da6c6a40d25f8aefbac126c7dfb3562c4d1ec5b745bb53331e9254c91091b19cd
-
Filesize
408KB
MD5926dac02c4b7e9d4d05171954efed8b2
SHA19816add66c409e68ec29a5d26ac9ec4780fe282a
SHA256cf2055bff46f9a40d5e95ee8baf4777fb3e5e51b5ee99d5b5714fe3da5125cdf
SHA5127bd04ad41e3d373ba511c58347e73ed7c51ae0fef4cee34c61d45e0e81f1ab3da6c6a40d25f8aefbac126c7dfb3562c4d1ec5b745bb53331e9254c91091b19cd
-
Filesize
408KB
MD53ba02cd5f3b98e4470d339d8e075e683
SHA12f6767399eaae466a902bc2015dd88ef8eb150ee
SHA2567e12417f74eb8896270697f3a3158e0553c5c25f3c73dd3e543e12cc45dbd6ce
SHA5122d676728924752bce0a79862eb17d2fdb4c44327b033d35dbaf9a065e668df6f1c0817a884fd02b531ffe2b4508c2d85add6139c48ea5a101373ef5815635abe
-
Filesize
408KB
MD53ba02cd5f3b98e4470d339d8e075e683
SHA12f6767399eaae466a902bc2015dd88ef8eb150ee
SHA2567e12417f74eb8896270697f3a3158e0553c5c25f3c73dd3e543e12cc45dbd6ce
SHA5122d676728924752bce0a79862eb17d2fdb4c44327b033d35dbaf9a065e668df6f1c0817a884fd02b531ffe2b4508c2d85add6139c48ea5a101373ef5815635abe
-
Filesize
408KB
MD561dc26c65ab64ea9ca06d553def6c1d3
SHA1359fb4f159b0e9198b5c76e5c17b84fd11b9ed01
SHA25607a2c2c77d01f1c162dfeb81356cb9d63b16267f7bff4628c3bf2527846acc38
SHA5128d6302b4c9b505238fdcb163226d9d61fac4f912439686d205c8b5e1da89d4dac8190add201f599e7fcc9f1ed47def24ee9f992f90be77a77c3636e0c465fdd5
-
Filesize
408KB
MD561dc26c65ab64ea9ca06d553def6c1d3
SHA1359fb4f159b0e9198b5c76e5c17b84fd11b9ed01
SHA25607a2c2c77d01f1c162dfeb81356cb9d63b16267f7bff4628c3bf2527846acc38
SHA5128d6302b4c9b505238fdcb163226d9d61fac4f912439686d205c8b5e1da89d4dac8190add201f599e7fcc9f1ed47def24ee9f992f90be77a77c3636e0c465fdd5
-
Filesize
408KB
MD5c09384d76e1d30ea0b12a116ffa3dca0
SHA132b42f76bc619d544edf7ae420c802cda4a5a1d6
SHA25660fa1462310d792c95ab4f3a158ceafd6a3f1e127d37302d50ae793c30910c3e
SHA5129ba084ab4a6dd995512f137e956b0e4d885c3a714327f592b5f55163d5ee781b8a8abe23616f6204f5ff91d1cd36aa983b1880235f0349e0f5432629c30845e2
-
Filesize
408KB
MD5c09384d76e1d30ea0b12a116ffa3dca0
SHA132b42f76bc619d544edf7ae420c802cda4a5a1d6
SHA25660fa1462310d792c95ab4f3a158ceafd6a3f1e127d37302d50ae793c30910c3e
SHA5129ba084ab4a6dd995512f137e956b0e4d885c3a714327f592b5f55163d5ee781b8a8abe23616f6204f5ff91d1cd36aa983b1880235f0349e0f5432629c30845e2
-
Filesize
408KB
MD5a25636eecaa7004c675d9608d6973e27
SHA1fabfd5199aa5f085ebb44d2939e7d85f246e6527
SHA2566099021f9d65b5254ddaebf47b0ad74b8cf048b79d191da04ade179fc284b3f0
SHA512ceb54394b8b922a940b752be5a159e417e62d89a1cec3a19cbccfeae36d1079b1d02d818746795580338024342ff16c138236452e8e22b4aac3d20e0f760d3d8
-
Filesize
408KB
MD5a25636eecaa7004c675d9608d6973e27
SHA1fabfd5199aa5f085ebb44d2939e7d85f246e6527
SHA2566099021f9d65b5254ddaebf47b0ad74b8cf048b79d191da04ade179fc284b3f0
SHA512ceb54394b8b922a940b752be5a159e417e62d89a1cec3a19cbccfeae36d1079b1d02d818746795580338024342ff16c138236452e8e22b4aac3d20e0f760d3d8
-
Filesize
408KB
MD5e5e7d7301785e74f52ffb50a3ea19009
SHA1a90ecd0a8be94ad1a539dabfbb1290da0e270f9e
SHA2567091cc6b4ab5f1de6b131e5d1b42878108878a1ba26ada844b272871b70344aa
SHA512722ebe580c90a4d8674b87447d2e20e6358746044d92de76f0e3e3fbc137c3b4e5616391b8e9ca66fbb5a58a81a93772e82e82125dbf8fb16ac5bea1107fcb79
-
Filesize
408KB
MD5e5e7d7301785e74f52ffb50a3ea19009
SHA1a90ecd0a8be94ad1a539dabfbb1290da0e270f9e
SHA2567091cc6b4ab5f1de6b131e5d1b42878108878a1ba26ada844b272871b70344aa
SHA512722ebe580c90a4d8674b87447d2e20e6358746044d92de76f0e3e3fbc137c3b4e5616391b8e9ca66fbb5a58a81a93772e82e82125dbf8fb16ac5bea1107fcb79
-
Filesize
408KB
MD58736919d9e4b50470c8043c4c907f87e
SHA1412316e2c6dc4557d0a0f259ae6f21f62975aa70
SHA2563b89a3b682c51a0c4bb9f1170b16d04ccba3aaef588424cb62cc65d0d0430ece
SHA512f735b0cb5db2350bdc53a32b60edf951c98dd0bb992fe8f4fe5a5ea98f9b8a88cdba35a6d94921a794bdb8e4cf04f22ae8f82497db5dff45cf9e269f5dfd4ab9
-
Filesize
408KB
MD58736919d9e4b50470c8043c4c907f87e
SHA1412316e2c6dc4557d0a0f259ae6f21f62975aa70
SHA2563b89a3b682c51a0c4bb9f1170b16d04ccba3aaef588424cb62cc65d0d0430ece
SHA512f735b0cb5db2350bdc53a32b60edf951c98dd0bb992fe8f4fe5a5ea98f9b8a88cdba35a6d94921a794bdb8e4cf04f22ae8f82497db5dff45cf9e269f5dfd4ab9
-
Filesize
408KB
MD5a452d9eb0d0c21d719497be31ebaf949
SHA1433662708bbca73d5665337984c37ae4123c80de
SHA256e4bde61b5ccf4573abc1d3cad984a36ef60e2d92e3cfb5c878de91fbf5392f50
SHA512e7bc4b394e29054956764067c05ec77a50ef87e9ec84676043e5f78eef0ae0d52c4a2c79f72bafd8ff986e87e6dd3fd0f8ae37ecb7c744a6952c78107e7f6d9c
-
Filesize
408KB
MD5a452d9eb0d0c21d719497be31ebaf949
SHA1433662708bbca73d5665337984c37ae4123c80de
SHA256e4bde61b5ccf4573abc1d3cad984a36ef60e2d92e3cfb5c878de91fbf5392f50
SHA512e7bc4b394e29054956764067c05ec77a50ef87e9ec84676043e5f78eef0ae0d52c4a2c79f72bafd8ff986e87e6dd3fd0f8ae37ecb7c744a6952c78107e7f6d9c
-
Filesize
408KB
MD53b99771321a2cf19b8ee7b0d86e09232
SHA1bb2a76c433d0cf6332d5f2d36f70368a3610c704
SHA2562d25dd118d6c26444ba610ba6f3651c9fcb0f97abbcef42868c63af27a8cbbed
SHA512b9bb23048f486f1e5001dad16fd3f36f2b8c4662703ffeb1a001176b642812199f7e610eafe3c6011786153f0cd157cbaa69b7e4404a30fa0b722e5c97d31a6f
-
Filesize
408KB
MD53b99771321a2cf19b8ee7b0d86e09232
SHA1bb2a76c433d0cf6332d5f2d36f70368a3610c704
SHA2562d25dd118d6c26444ba610ba6f3651c9fcb0f97abbcef42868c63af27a8cbbed
SHA512b9bb23048f486f1e5001dad16fd3f36f2b8c4662703ffeb1a001176b642812199f7e610eafe3c6011786153f0cd157cbaa69b7e4404a30fa0b722e5c97d31a6f
-
Filesize
408KB
MD53b99771321a2cf19b8ee7b0d86e09232
SHA1bb2a76c433d0cf6332d5f2d36f70368a3610c704
SHA2562d25dd118d6c26444ba610ba6f3651c9fcb0f97abbcef42868c63af27a8cbbed
SHA512b9bb23048f486f1e5001dad16fd3f36f2b8c4662703ffeb1a001176b642812199f7e610eafe3c6011786153f0cd157cbaa69b7e4404a30fa0b722e5c97d31a6f
-
Filesize
408KB
MD525f79b195944466370e14060fb8e4462
SHA1b82185ab88a24093dab8af34e7c8257875a97467
SHA256ba21d1ecfec1c97b4f053e77ad905f87f8abb05b4a087c24764e2ec98040a50b
SHA5125206def96f34b564b4b51ffd61f585cbdc25bdf60014cc301c524a25bc3d0ede48eae5252a0dcaa4ec840b7083a4c37dab17adf45add550acbad991f63f4def9