Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
10/07/2023, 18:38
General
-
Target
dca3f2cf5d8cabexeexeexeex.exe
-
Size
168KB
-
MD5
dca3f2cf5d8cab8c969caf2504437152
-
SHA1
9c053d62aa9956d4bc31b50d90d7ac00d182f999
-
SHA256
8e04bd87b221465b61edaae3b033d1530aa3c9778372c8ceb547dc85a8a616ef
-
SHA512
a7a85406d6505db880a28386fa3737dd192e64d204bc077c31d8e222bb59d2c3badf128bfe3e49ae98594505ff063c536429699f8cd885d7783d172102cd39d7
-
SSDEEP
1536:1EGh0oRlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oRlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dca3f2cf5d8cabexeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\dca3f2cf5d8cabexeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A89D6EC0-71E6-4f36-8D07-5E687A976C2C}.exeC:\Windows\{A89D6EC0-71E6-4f36-8D07-5E687A976C2C}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F1E629F1-7FD3-4ba1-9B6E-1F34EF769452}.exeC:\Windows\{F1E629F1-7FD3-4ba1-9B6E-1F34EF769452}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D6B17AD8-132A-4ff5-962B-7C2C12CD36A0}.exeC:\Windows\{D6B17AD8-132A-4ff5-962B-7C2C12CD36A0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{085727D5-9768-4f39-A93D-732A48939EA8}.exeC:\Windows\{085727D5-9768-4f39-A93D-732A48939EA8}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA9A63F9-06A7-49ae-8089-3D37D2247314}.exeC:\Windows\{CA9A63F9-06A7-49ae-8089-3D37D2247314}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3BEF55B2-4723-4883-B0B1-53F6DD90E635}.exeC:\Windows\{3BEF55B2-4723-4883-B0B1-53F6DD90E635}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1DD7396E-9401-4d53-A174-7213A03F94F3}.exeC:\Windows\{1DD7396E-9401-4d53-A174-7213A03F94F3}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E9AB35A2-1B44-4da1-BEC6-ADC60F4ACD2D}.exeC:\Windows\{E9AB35A2-1B44-4da1-BEC6-ADC60F4ACD2D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{72559213-FADD-4779-B6A8-A6D5528C27CB}.exeC:\Windows\{72559213-FADD-4779-B6A8-A6D5528C27CB}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9E4FCA4E-9EC9-452e-AA2C-74556952190A}.exeC:\Windows\{9E4FCA4E-9EC9-452e-AA2C-74556952190A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4A3443E1-9A03-4b38-B9F2-FD2485615E97}.exeC:\Windows\{4A3443E1-9A03-4b38-B9F2-FD2485615E97}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{FA8A3301-8C84-49db-A843-8E66BB935F07}.exeC:\Windows\{FA8A3301-8C84-49db-A843-8E66BB935F07}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A344~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9E4FC~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{72559~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E9AB3~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1DD73~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3BEF5~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA9A6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{08572~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6B17~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F1E62~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A89D6~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\DCA3F2~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD57310a4d98ed9ca92ad657ca3951f708f
SHA14bdfe106b1745e701e0d47c1fa462d9138956fcd
SHA25663be921e5bf28698fbc70e50db7bfda0d20b597ac79c5ff50f721ca41cb450a6
SHA51297219b2a32937315d07c183f6093ad1ce0cf25df5639dc2b3298386ac43f061f2483a15da608410f51113d5e237e462f00d8bf086cc1aeea56ad4f56e8be6410
-
Filesize
168KB
MD57310a4d98ed9ca92ad657ca3951f708f
SHA14bdfe106b1745e701e0d47c1fa462d9138956fcd
SHA25663be921e5bf28698fbc70e50db7bfda0d20b597ac79c5ff50f721ca41cb450a6
SHA51297219b2a32937315d07c183f6093ad1ce0cf25df5639dc2b3298386ac43f061f2483a15da608410f51113d5e237e462f00d8bf086cc1aeea56ad4f56e8be6410
-
Filesize
168KB
MD5fb2c6ef6347f6d8279686cfde35bc6d5
SHA1f443584a1cc34389ad1965e953d2b806d4946abf
SHA256f7b995a9d31c6c50be71d9395f21cf2c81d434d686fde7f649b22b19cc56ae8e
SHA512a48a12fa391fdccfe48733c9c890293c111c779df55d7abf090b96523e83bb17eb4ec8822843eb25f83c47f394cad5e2abe6620aee2c3d7ac4afa7bce8670cbc
-
Filesize
168KB
MD5fb2c6ef6347f6d8279686cfde35bc6d5
SHA1f443584a1cc34389ad1965e953d2b806d4946abf
SHA256f7b995a9d31c6c50be71d9395f21cf2c81d434d686fde7f649b22b19cc56ae8e
SHA512a48a12fa391fdccfe48733c9c890293c111c779df55d7abf090b96523e83bb17eb4ec8822843eb25f83c47f394cad5e2abe6620aee2c3d7ac4afa7bce8670cbc
-
Filesize
168KB
MD536b85f8e087cc274a2a3da22d2e2b616
SHA1ea14d53ef9e47cfe5a460db0e6262565f1885d30
SHA256e578c04b7a8b9f68943b865e527fa089933bb2fd70d5c2dcea7d7d3af2b0d380
SHA5128e7eb49a9be068d4ae9310b7ac3ebb65e6d39ca244708bfeced352ce79a75d0c47b292ce68713b582342cc41cdb449b07ce0bca416650ebe98a0106bb6e29b10
-
Filesize
168KB
MD536b85f8e087cc274a2a3da22d2e2b616
SHA1ea14d53ef9e47cfe5a460db0e6262565f1885d30
SHA256e578c04b7a8b9f68943b865e527fa089933bb2fd70d5c2dcea7d7d3af2b0d380
SHA5128e7eb49a9be068d4ae9310b7ac3ebb65e6d39ca244708bfeced352ce79a75d0c47b292ce68713b582342cc41cdb449b07ce0bca416650ebe98a0106bb6e29b10
-
Filesize
168KB
MD5eb73118bd0811cb6e7a2ba6bc0a39b0c
SHA17e1585d061f0885448b08abd054a1843ef84a7e8
SHA256ca174ee7c2289e2bb5cf6dab483b5da0760bc20643e919f2aa28472f4dd7276b
SHA512df90ea924196f48c695b074be25281d81b23b257b05857600624c072962050b7861e4761cce72ebe22b15b78f10a0dc1a22ab0f5008de7503aef9b67ef70bcde
-
Filesize
168KB
MD5eb73118bd0811cb6e7a2ba6bc0a39b0c
SHA17e1585d061f0885448b08abd054a1843ef84a7e8
SHA256ca174ee7c2289e2bb5cf6dab483b5da0760bc20643e919f2aa28472f4dd7276b
SHA512df90ea924196f48c695b074be25281d81b23b257b05857600624c072962050b7861e4761cce72ebe22b15b78f10a0dc1a22ab0f5008de7503aef9b67ef70bcde
-
Filesize
168KB
MD5ca8c1e2c19ce75d3dac3d13042a53b09
SHA10381b22718eece085345083254aa1c9c69e77a96
SHA25615fc46330015fe92ac8f8747e6fa9679e27f6fe27f0d78140b745ed31e7d0797
SHA5129de6ca840aaaeefc47f00b2afd34208d14a61f4fc92e4c2a0b49ce47fd380168d3c346520bca0a0627ce73833fc7730c6db4bd2374e55bf12c631ca79b335114
-
Filesize
168KB
MD5ca8c1e2c19ce75d3dac3d13042a53b09
SHA10381b22718eece085345083254aa1c9c69e77a96
SHA25615fc46330015fe92ac8f8747e6fa9679e27f6fe27f0d78140b745ed31e7d0797
SHA5129de6ca840aaaeefc47f00b2afd34208d14a61f4fc92e4c2a0b49ce47fd380168d3c346520bca0a0627ce73833fc7730c6db4bd2374e55bf12c631ca79b335114
-
Filesize
168KB
MD5a5367b353815bc67089dfb120d60570a
SHA126f6bbec4a26491fade418066b0814fc4f4e892e
SHA256214ee21f7b418fcae9f44377ab003efa14e5ff26570d50697ad58feaea4dbb97
SHA512e7777da09208b74b67fd9878ff8b1ccc1c75f584966e189bf6c2faed2f0ac9ce372c745d5aa8e59bca84e986f166249a199469ef9c484bba2c717c0ef95a01bb
-
Filesize
168KB
MD5a5367b353815bc67089dfb120d60570a
SHA126f6bbec4a26491fade418066b0814fc4f4e892e
SHA256214ee21f7b418fcae9f44377ab003efa14e5ff26570d50697ad58feaea4dbb97
SHA512e7777da09208b74b67fd9878ff8b1ccc1c75f584966e189bf6c2faed2f0ac9ce372c745d5aa8e59bca84e986f166249a199469ef9c484bba2c717c0ef95a01bb
-
Filesize
168KB
MD5e6f85566a42848561455682e750b07b9
SHA10766e583f6bbca6ba2d9a783148bcfb45363c765
SHA25644dc4530a971f5febde02a5aff4abf6abbf8e9a86e6e872d9cd2a521e75c4353
SHA512e1993c53418843bbe2043577574edb296097611a9034ecd34b2f847d1a8b16181bb030f50f7904c42959868f560ce32e77393cdd4a7865a2defd230d537f3630
-
Filesize
168KB
MD5e6f85566a42848561455682e750b07b9
SHA10766e583f6bbca6ba2d9a783148bcfb45363c765
SHA25644dc4530a971f5febde02a5aff4abf6abbf8e9a86e6e872d9cd2a521e75c4353
SHA512e1993c53418843bbe2043577574edb296097611a9034ecd34b2f847d1a8b16181bb030f50f7904c42959868f560ce32e77393cdd4a7865a2defd230d537f3630
-
Filesize
168KB
MD5cb9720acd04fc3dfed3c31ec4c3d8dbf
SHA1936a3e14ad081211e15621300ef7ae7e290a9f1b
SHA2567018d851b30e13c91c620c36ae220e6a112cfb97500628084824d162f675439f
SHA512bacfae72e12f999a011ec629a88833c1b62bde33679ab24a725326d1f29f5150800dd4cbd357258095cb71998807cce8c341931c68ee42e588a872f2f3e41a4f
-
Filesize
168KB
MD5cb9720acd04fc3dfed3c31ec4c3d8dbf
SHA1936a3e14ad081211e15621300ef7ae7e290a9f1b
SHA2567018d851b30e13c91c620c36ae220e6a112cfb97500628084824d162f675439f
SHA512bacfae72e12f999a011ec629a88833c1b62bde33679ab24a725326d1f29f5150800dd4cbd357258095cb71998807cce8c341931c68ee42e588a872f2f3e41a4f
-
Filesize
168KB
MD59adb67dc39edd4deac963477d43fc390
SHA14f267b6fc98b22db86818d3b1ffc7ec3671d7b49
SHA256a363f8b751a663dc45c87a2ee24357438fd677a4b95dbd1d3b7a5c87dc39585d
SHA512256bd533e95dbc9a6c561fbd5f17301f57a4f9b00fa76659e832425f9e77e167776e0bcc153fab9833b13bc1461d6bcfbd7695e5d542994402859c2877ba6868
-
Filesize
168KB
MD59adb67dc39edd4deac963477d43fc390
SHA14f267b6fc98b22db86818d3b1ffc7ec3671d7b49
SHA256a363f8b751a663dc45c87a2ee24357438fd677a4b95dbd1d3b7a5c87dc39585d
SHA512256bd533e95dbc9a6c561fbd5f17301f57a4f9b00fa76659e832425f9e77e167776e0bcc153fab9833b13bc1461d6bcfbd7695e5d542994402859c2877ba6868
-
Filesize
168KB
MD59adb67dc39edd4deac963477d43fc390
SHA14f267b6fc98b22db86818d3b1ffc7ec3671d7b49
SHA256a363f8b751a663dc45c87a2ee24357438fd677a4b95dbd1d3b7a5c87dc39585d
SHA512256bd533e95dbc9a6c561fbd5f17301f57a4f9b00fa76659e832425f9e77e167776e0bcc153fab9833b13bc1461d6bcfbd7695e5d542994402859c2877ba6868
-
Filesize
168KB
MD56bfc126c1cb47c329613b0fb3378961e
SHA14988b45503a1982b993315c89bdacd565b9e5633
SHA256cee47fb4ee976bf9599854a4895673b06a27763d8a17b99ca8d253265030f841
SHA512d498b2baad1a7c747e2044528e17a390813ab7869d03c61a3f1817cadddbfb93cc90a436861e3563bd290055fbb7f4d1ae1787fc01eba890481ccfab7790b22e
-
Filesize
168KB
MD56bfc126c1cb47c329613b0fb3378961e
SHA14988b45503a1982b993315c89bdacd565b9e5633
SHA256cee47fb4ee976bf9599854a4895673b06a27763d8a17b99ca8d253265030f841
SHA512d498b2baad1a7c747e2044528e17a390813ab7869d03c61a3f1817cadddbfb93cc90a436861e3563bd290055fbb7f4d1ae1787fc01eba890481ccfab7790b22e
-
Filesize
168KB
MD5b6cb6a7ebf2659d4aca3cb57d421945e
SHA1f2813ae359fe098349d0b1fb6ef783b5eab30a58
SHA2563f57f2aa4985d9341ac9be650b84b257cebf5ec46468b3d133296c99722b1acd
SHA5122b0cd9df23da6b7b41d8270fa699db90cc81d2072e47f65a62c7bd0ff5b81a63a99b86d73c9f4f4ee89b6b65ef08a8244de51298cc3ba19294c02de1dc8646a4
-
Filesize
168KB
MD5b6cb6a7ebf2659d4aca3cb57d421945e
SHA1f2813ae359fe098349d0b1fb6ef783b5eab30a58
SHA2563f57f2aa4985d9341ac9be650b84b257cebf5ec46468b3d133296c99722b1acd
SHA5122b0cd9df23da6b7b41d8270fa699db90cc81d2072e47f65a62c7bd0ff5b81a63a99b86d73c9f4f4ee89b6b65ef08a8244de51298cc3ba19294c02de1dc8646a4
-
Filesize
168KB
MD5927502cad019f2a9592b4191796c276b
SHA1be1bcda1647647110ae405ba8f2d82b8d1a19eef
SHA2569bdbc42c4bd3ba08fc89c9d1e2c4cccf480291f823c266594d495fa85dff9eb0
SHA5127830ab932948fa1fe848c18f615badd90388a37c85298e46d76ac4b2d59619ae6738fec3df8564cee0318db88bd9edc9caf825deadb0a596bfed21347c5707dd
-
Filesize
168KB
MD5927502cad019f2a9592b4191796c276b
SHA1be1bcda1647647110ae405ba8f2d82b8d1a19eef
SHA2569bdbc42c4bd3ba08fc89c9d1e2c4cccf480291f823c266594d495fa85dff9eb0
SHA5127830ab932948fa1fe848c18f615badd90388a37c85298e46d76ac4b2d59619ae6738fec3df8564cee0318db88bd9edc9caf825deadb0a596bfed21347c5707dd