Analysis
-
max time kernel
146s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
11/07/2023, 17:15
General
-
Target
fec663eccd91c1exeexeexeex.exe
-
Size
216KB
-
MD5
fec663eccd91c12343de41036e8a027b
-
SHA1
b1543507fc3263dd055afd99c36b8910e0d73baf
-
SHA256
575ccdd9f82bf906196cc12647340608423a003bfe15b6c6575e64f1d44b0e2e
-
SHA512
141d385df07a3980dec4e65cc521ebaa5e3b6467da3b15da300797d2bc49acd4522a5decf21c762b942fba348ada8f83275a780d117b89274fd8d2755de04515
-
SSDEEP
3072:jEGh0o/l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGFlEeKcAEcGy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fec663eccd91c1exeexeexeex.exe"C:\Users\Admin\AppData\Local\Temp\fec663eccd91c1exeexeexeex.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E90DF19-9A62-40b4-BDDF-2C575991D2D2}.exeC:\Windows\{2E90DF19-9A62-40b4-BDDF-2C575991D2D2}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B1E7A6FA-EE80-4cb8-BC50-F161AF43F627}.exeC:\Windows\{B1E7A6FA-EE80-4cb8-BC50-F161AF43F627}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{130E3739-B73B-4a3c-A1BB-51DD385871BE}.exeC:\Windows\{130E3739-B73B-4a3c-A1BB-51DD385871BE}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7303B104-8FF3-40d0-9CC8-216E71371CBE}.exeC:\Windows\{7303B104-8FF3-40d0-9CC8-216E71371CBE}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{264DCA20-5F03-49b8-9EF4-6742FFDA63E2}.exeC:\Windows\{264DCA20-5F03-49b8-9EF4-6742FFDA63E2}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9E00ADCF-E9BD-4c08-87E4-AE29B5F3D56C}.exeC:\Windows\{9E00ADCF-E9BD-4c08-87E4-AE29B5F3D56C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{320631B5-1776-428f-A344-A47AA8015164}.exeC:\Windows\{320631B5-1776-428f-A344-A47AA8015164}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4C07968C-C07A-4aaa-B6E9-5E16AFAE2C95}.exeC:\Windows\{4C07968C-C07A-4aaa-B6E9-5E16AFAE2C95}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{71E062EC-2467-4aa2-ADDB-02FBCBC3C5BF}.exeC:\Windows\{71E062EC-2467-4aa2-ADDB-02FBCBC3C5BF}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D3787A9-A4FE-4bbf-A696-0FCAE047411D}.exeC:\Windows\{3D3787A9-A4FE-4bbf-A696-0FCAE047411D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{55453D7F-F81C-4e98-B59E-18FFE40F928B}.exeC:\Windows\{55453D7F-F81C-4e98-B59E-18FFE40F928B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9F51860F-84D9-4a9f-9859-C2246532AABE}.exeC:\Windows\{9F51860F-84D9-4a9f-9859-C2246532AABE}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{55453~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D378~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71E06~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4C079~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32063~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9E00A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{264DC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7303B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{130E3~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1E7A~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E90D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\FEC663~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD54db3ee75cce550db3b3de6933ec0e90c
SHA147c8a34da00049e7f7abe3aacdff1c87452509e7
SHA2565f2634920439a88e2dc8016e5bcca7b2ade32291b5bccc90b44b37e2088835a7
SHA5128347382c50d87313da1335375fc42fa583038b382a130fccaf02c3eeec1f5e47f438fecff46fbe83e8ee43fc1b9746071b95b6ecaf85750b4fa9bf44b77b3d0a
-
Filesize
216KB
MD54db3ee75cce550db3b3de6933ec0e90c
SHA147c8a34da00049e7f7abe3aacdff1c87452509e7
SHA2565f2634920439a88e2dc8016e5bcca7b2ade32291b5bccc90b44b37e2088835a7
SHA5128347382c50d87313da1335375fc42fa583038b382a130fccaf02c3eeec1f5e47f438fecff46fbe83e8ee43fc1b9746071b95b6ecaf85750b4fa9bf44b77b3d0a
-
Filesize
216KB
MD54db3ee75cce550db3b3de6933ec0e90c
SHA147c8a34da00049e7f7abe3aacdff1c87452509e7
SHA2565f2634920439a88e2dc8016e5bcca7b2ade32291b5bccc90b44b37e2088835a7
SHA5128347382c50d87313da1335375fc42fa583038b382a130fccaf02c3eeec1f5e47f438fecff46fbe83e8ee43fc1b9746071b95b6ecaf85750b4fa9bf44b77b3d0a
-
Filesize
216KB
MD5c7b4107c33aaa453138b17aca20103c9
SHA1cdc9e42a9721923cf7b181ade84004e6298867d9
SHA256bca9c444f07f01c2cde216f1b43063a78fbfe1a2e2eb5bd1efa3cb5a9565ee01
SHA512039ca10b6d3e7fc2e61a3052367d0c7000c8280b53241cc4a99b085acd1eb753c756b444a29f5755f31e19937a49e6dc73c04424a36c3f25c9b8529ca0aed6bc
-
Filesize
216KB
MD5c7b4107c33aaa453138b17aca20103c9
SHA1cdc9e42a9721923cf7b181ade84004e6298867d9
SHA256bca9c444f07f01c2cde216f1b43063a78fbfe1a2e2eb5bd1efa3cb5a9565ee01
SHA512039ca10b6d3e7fc2e61a3052367d0c7000c8280b53241cc4a99b085acd1eb753c756b444a29f5755f31e19937a49e6dc73c04424a36c3f25c9b8529ca0aed6bc
-
Filesize
216KB
MD55b620eb5e6a20bc3d5ecc4d31c711e8a
SHA1ed058294c8e0decaff603716557c76f6e736a6ac
SHA256c8ce869213edf770f1dded6a3d301908a011c77796494f7770a83a2bf404b268
SHA512712eac2b9b8b58febc16c225d5a48f94702bec5007b599202d11ec5769f839179f6c3eb45f2b6e3d8a4f0f14fc9e34454ef1def4eadaec0273b47b38bcdf2a6e
-
Filesize
216KB
MD55b620eb5e6a20bc3d5ecc4d31c711e8a
SHA1ed058294c8e0decaff603716557c76f6e736a6ac
SHA256c8ce869213edf770f1dded6a3d301908a011c77796494f7770a83a2bf404b268
SHA512712eac2b9b8b58febc16c225d5a48f94702bec5007b599202d11ec5769f839179f6c3eb45f2b6e3d8a4f0f14fc9e34454ef1def4eadaec0273b47b38bcdf2a6e
-
Filesize
216KB
MD533dbb8bef58dbe7fc103494c22f9557e
SHA1777824037c5c1d5a1b2856fd7d4bb7fd4b098c61
SHA2560f293cc236e60fa2e46d4bb818762728d6b6d387c296be7aa505f71c40ff8e5c
SHA51227cfd255750cc1d90dcedbd2876c2a8107a6383d5d84c12d587ed616451a427e3e35b635be014876344e814cc54a7ce010ab87557b6ccc0603cbcb5cb5afda20
-
Filesize
216KB
MD533dbb8bef58dbe7fc103494c22f9557e
SHA1777824037c5c1d5a1b2856fd7d4bb7fd4b098c61
SHA2560f293cc236e60fa2e46d4bb818762728d6b6d387c296be7aa505f71c40ff8e5c
SHA51227cfd255750cc1d90dcedbd2876c2a8107a6383d5d84c12d587ed616451a427e3e35b635be014876344e814cc54a7ce010ab87557b6ccc0603cbcb5cb5afda20
-
Filesize
216KB
MD56fbf8f25e3bf4c5ec871e894f5509751
SHA19eb7ed29037420adef35cf0674b109c853469599
SHA2565cd7cb08478126cc49afc3a54e1422c1a62a0ab846a619ac32255d47289aa80c
SHA512a13c63c431dc7d296350f02ea6ba7f27596eae6850344dcb9576d78994007d6118ce48a01637afa38a26fe3f8619fdc63f747df188e349f8a3d8e5dec0baf1d2
-
Filesize
216KB
MD56fbf8f25e3bf4c5ec871e894f5509751
SHA19eb7ed29037420adef35cf0674b109c853469599
SHA2565cd7cb08478126cc49afc3a54e1422c1a62a0ab846a619ac32255d47289aa80c
SHA512a13c63c431dc7d296350f02ea6ba7f27596eae6850344dcb9576d78994007d6118ce48a01637afa38a26fe3f8619fdc63f747df188e349f8a3d8e5dec0baf1d2
-
Filesize
216KB
MD5ccda0a495e93a4c8cfcfb86af67305ce
SHA171c1e66dbb12ed330caf5ea8ed3baf8d90cb86b4
SHA256a5f6c11ed602130e634187975d61d292a16e8da803bc3f57ae7678fc8753137d
SHA5125373fb4cf3595f982d0532728ec775ac6dca00a5f2ba0e277d3caa81bcb494214d69b1abbc3a0390b2612aba694ecd2cdce0f2dc91a6c92f15cc802333dba527
-
Filesize
216KB
MD5ccda0a495e93a4c8cfcfb86af67305ce
SHA171c1e66dbb12ed330caf5ea8ed3baf8d90cb86b4
SHA256a5f6c11ed602130e634187975d61d292a16e8da803bc3f57ae7678fc8753137d
SHA5125373fb4cf3595f982d0532728ec775ac6dca00a5f2ba0e277d3caa81bcb494214d69b1abbc3a0390b2612aba694ecd2cdce0f2dc91a6c92f15cc802333dba527
-
Filesize
216KB
MD59c56d957c20e1a2100e96258d42161a3
SHA19e223e3e1268592e7cb89d235a87d797ad6143d3
SHA256926bdd173d43708b7fbce838887e45e99fa3d4bc8b4cf3cbcf6e14c6433423b8
SHA512af4d2c5e7980b3e86047d5a9691b84f50932ee5f919076d554099ab65713f406fb4b5bbe6044e703bce3d82286bd4f94541279cd354b83068cc1933e19c5b59c
-
Filesize
216KB
MD59c56d957c20e1a2100e96258d42161a3
SHA19e223e3e1268592e7cb89d235a87d797ad6143d3
SHA256926bdd173d43708b7fbce838887e45e99fa3d4bc8b4cf3cbcf6e14c6433423b8
SHA512af4d2c5e7980b3e86047d5a9691b84f50932ee5f919076d554099ab65713f406fb4b5bbe6044e703bce3d82286bd4f94541279cd354b83068cc1933e19c5b59c
-
Filesize
216KB
MD506eb628b77f7b7a1daa2d534f4705342
SHA10b8035511d803b443a4f4e88c4f75d6aa7ea4bc4
SHA256c9a6a979e2ee1d36b488d3fd86ebb6a613c186301ccc118444b597477b5f49ec
SHA512571839694cdc9cc9e6547cdb5b39825833bf11c4ec70c12a416dcd4419b3b1f4bcae887a59d2538635d0315b803b0830de98befeb524e787136db6b258d663b6
-
Filesize
216KB
MD506eb628b77f7b7a1daa2d534f4705342
SHA10b8035511d803b443a4f4e88c4f75d6aa7ea4bc4
SHA256c9a6a979e2ee1d36b488d3fd86ebb6a613c186301ccc118444b597477b5f49ec
SHA512571839694cdc9cc9e6547cdb5b39825833bf11c4ec70c12a416dcd4419b3b1f4bcae887a59d2538635d0315b803b0830de98befeb524e787136db6b258d663b6
-
Filesize
216KB
MD5a87d22974cbb0dd2deb4ad73adcad431
SHA161eaa4d855bca3d3605f1f4af43a7839907c4b11
SHA2560d1ac332554b3011cdd291734516b36fe36ae14ee34b287e31455785411de3f5
SHA512e370f98a8e39377a1a6456cf4ace5536ea87a67fc41ae57a1f629510b426726d66a9e2755309e4776ea189f7a1acc6cbec94cf5d15bbff56ede0635d6b8385f0
-
Filesize
216KB
MD5a87d22974cbb0dd2deb4ad73adcad431
SHA161eaa4d855bca3d3605f1f4af43a7839907c4b11
SHA2560d1ac332554b3011cdd291734516b36fe36ae14ee34b287e31455785411de3f5
SHA512e370f98a8e39377a1a6456cf4ace5536ea87a67fc41ae57a1f629510b426726d66a9e2755309e4776ea189f7a1acc6cbec94cf5d15bbff56ede0635d6b8385f0
-
Filesize
216KB
MD59c83c1eaf1a5013f2025649a40bee2db
SHA188b6c9c6bdbd3697f693cf378647c993c2f2b819
SHA2562803cb8d5db877f348a44d91a09ecb5238ad01272e338e636a70359cda4e4e14
SHA512dd82fedadcb44a193c2f5b0df8c4e1f57a167455f9618e7f3dd64819dccaf75c6d90937ee89c43d0bb0a2c1bab3ac082ceef257d3a1b9cebb13323ebd91724c0
-
Filesize
216KB
MD59c83c1eaf1a5013f2025649a40bee2db
SHA188b6c9c6bdbd3697f693cf378647c993c2f2b819
SHA2562803cb8d5db877f348a44d91a09ecb5238ad01272e338e636a70359cda4e4e14
SHA512dd82fedadcb44a193c2f5b0df8c4e1f57a167455f9618e7f3dd64819dccaf75c6d90937ee89c43d0bb0a2c1bab3ac082ceef257d3a1b9cebb13323ebd91724c0
-
Filesize
216KB
MD5403b0918b6aea249ce99bae9e0ccd339
SHA161ea655c77e79ed4c27dd42b3714072ed1eed3d3
SHA25624ad33182002699121fe940c75e31ccd3eb2e680103b92b599c4a81849847506
SHA5124822549e1b2743bae2e9141c029572b3704b7198856810c4c3654ece2c018f4f3aa5920427bd9b32628a0d5e6135db344c712b09420b150168f861c6884d29ff
-
Filesize
216KB
MD5403b0918b6aea249ce99bae9e0ccd339
SHA161ea655c77e79ed4c27dd42b3714072ed1eed3d3
SHA25624ad33182002699121fe940c75e31ccd3eb2e680103b92b599c4a81849847506
SHA5124822549e1b2743bae2e9141c029572b3704b7198856810c4c3654ece2c018f4f3aa5920427bd9b32628a0d5e6135db344c712b09420b150168f861c6884d29ff
-
Filesize
216KB
MD56a51f390804cb2788a32ace340982bfa
SHA1e1407d62e6dbbb541ea9f1d8033add4b72526363
SHA256c6c46d7c0196bbf551def9192da3fb78aae70c14d09506b2b558236c56386ba4
SHA5124969d33cd5de443007d4a3d14b8f31db01480caf4c8f87198e19202d679f5eb139d7b2020bb3ae661ccb594789eda0e517a300063a8d3496162c67b77c294dc8
-
Filesize
216KB
MD56a51f390804cb2788a32ace340982bfa
SHA1e1407d62e6dbbb541ea9f1d8033add4b72526363
SHA256c6c46d7c0196bbf551def9192da3fb78aae70c14d09506b2b558236c56386ba4
SHA5124969d33cd5de443007d4a3d14b8f31db01480caf4c8f87198e19202d679f5eb139d7b2020bb3ae661ccb594789eda0e517a300063a8d3496162c67b77c294dc8