05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3d19d65687560f5c206d0338b7d6601.exe
Size

1.8MB
MD5

b3d19d65687560f5c206d0338b7d6601
SHA1

7dc6e5681c33800c6543ecb148d4718e33138ee9
SHA256

05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101
SHA512

a08abdf2d73de01eabb72d9af096c3f6159861d376f4790837fb6e95ef50d81455279ce4e04cc39ff6d75a20d769c12123f958971e492fb3197d85120b36e6ee
SSDEEP

24576:osFKs/vvt1MSC/GoWvyMcUH81mVjIZ/WimspSM8rta7yLp08TM8nch2Cy7v4P+7M:osFKGbNoy9x0VpFm1ZE7yFsC9CiFb6h

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5076	InnerException.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4328	powershell.exe
4328	powershell.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2904	b3d19d65687560f5c206d0338b7d6601.exe
Token: SeDebugPrivilege	2904	b3d19d65687560f5c206d0338b7d6601.exe
Token: SeDebugPrivilege	4328	powershell.exe
Token: SeDebugPrivilege	5076	InnerException.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\b3d19d65687560f5c206d0338b7d6601.exe
"C:\Users\Admin\AppData\Local\Temp\b3d19d65687560f5c206d0338b7d6601.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2904

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4328

C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe
C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wmirirg2.mov.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe

Filesize
1.8MB

MD5
b3d19d65687560f5c206d0338b7d6601

SHA1
7dc6e5681c33800c6543ecb148d4718e33138ee9

SHA256
05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

SHA512
a08abdf2d73de01eabb72d9af096c3f6159861d376f4790837fb6e95ef50d81455279ce4e04cc39ff6d75a20d769c12123f958971e492fb3197d85120b36e6ee

Download Submit
C:\Users\Admin\AppData\Roaming\Item1\InnerException.exe

Filesize
1.8MB

MD5
b3d19d65687560f5c206d0338b7d6601

SHA1
7dc6e5681c33800c6543ecb148d4718e33138ee9

SHA256
05c4f71a5caa0ed6809fdfa57b44836f5ee6408d73f6b97cd9a751b696091101

SHA512
a08abdf2d73de01eabb72d9af096c3f6159861d376f4790837fb6e95ef50d81455279ce4e04cc39ff6d75a20d769c12123f958971e492fb3197d85120b36e6ee

Download Submit
memory/2904-189-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-2922-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-139-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-141-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-195-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-145-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-147-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-149-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-151-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-153-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-155-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-157-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-159-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-161-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-163-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-165-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-167-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-169-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-171-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-173-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-175-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-177-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-179-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-181-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-183-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-185-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-187-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-133-0x000001952CB10000-0x000001952CCE2000-memory.dmp

Filesize
1.8MB

Download
memory/2904-137-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-191-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-143-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-197-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-199-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-761-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-1459-0x000001952E9B0000-0x000001952E9B1000-memory.dmp

Filesize
4KB

Download
memory/2904-1497-0x0000019547560000-0x0000019547621000-memory.dmp

Filesize
772KB

Download
memory/2904-1499-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-1501-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-2921-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-193-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-2924-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-2927-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-4403-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-136-0x00000195472F0000-0x0000019547470000-memory.dmp

Filesize
1.5MB

Download
memory/2904-134-0x00000195472E0000-0x00000195472F0000-memory.dmp

Filesize
64KB

Download
memory/2904-135-0x000001952EB10000-0x000001952EB32000-memory.dmp

Filesize
136KB

Download
memory/4328-4417-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

Filesize
64KB

Download
memory/4328-4418-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

Filesize
64KB

Download
memory/4328-4416-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

Filesize
64KB

Download
memory/4328-4415-0x0000023CFDCD0000-0x0000023CFDCE0000-memory.dmp

Filesize
64KB

Download
memory/5076-5778-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-4423-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-5774-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-5467-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-5776-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-5747-0x0000021C23490000-0x0000021C23491000-memory.dmp

Filesize
4KB

Download
memory/5076-5781-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-7263-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-7265-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download
memory/5076-7267-0x0000021C3D7D0000-0x0000021C3D7E0000-memory.dmp

Filesize
64KB

Download