a522f8997956cea071dc783305018ba65c2563cac618dc31365f34ca31d1eb9d

Analysis

max time kernel
124s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2023, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
Size

3.9MB
MD5

1ab5592eff26b3f25093765a5f6a305b
SHA1

7f3b99bb23b5cd2627fa5660a64739b7f620da45
SHA256

a522f8997956cea071dc783305018ba65c2563cac618dc31365f34ca31d1eb9d
SHA512

83266ea89e4892f965a4f87a134dbd89ca6ed78b1a252277928942fab2f130598ffaa0ce3b92bb7f5d8851ea64e24cfcf326ea48f85fbf128bc6ee86483ba8b0
SSDEEP

98304:rv6W8zntQwyUgOlHpKjcCAYSmOppy3Olar:r6ftKKlHpUChgr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3020	Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe

C:\Users\Admin\AppData\Local\Temp\Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe
"C:\Users\Admin\AppData\Local\Temp\Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\ServiceHide.Net.dll

Filesize
102KB

MD5
0b036ce556e8c7c403948068d810f32a

SHA1
3a9fa76153f498c52dec62aa796322b4319602b8

SHA256
fc9bf8465906f8f9c979d976bd833d403af1c0d3000ad555420347794e6c4a4d

SHA512
08493c4400db8c9aca3219c01c906c5031f6ab22ab97b2d2968e673283c86ed4014a136f5f7d97967a5a307ce616d15551ea8d1888027e73995daeb8c3f9343e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\ServiceHide.Net.dll

Filesize
102KB

MD5
0b036ce556e8c7c403948068d810f32a

SHA1
3a9fa76153f498c52dec62aa796322b4319602b8

SHA256
fc9bf8465906f8f9c979d976bd833d403af1c0d3000ad555420347794e6c4a4d

SHA512
08493c4400db8c9aca3219c01c906c5031f6ab22ab97b2d2968e673283c86ed4014a136f5f7d97967a5a307ce616d15551ea8d1888027e73995daeb8c3f9343e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\ServiceHide.Net.dll

Filesize
102KB

MD5
0b036ce556e8c7c403948068d810f32a

SHA1
3a9fa76153f498c52dec62aa796322b4319602b8

SHA256
fc9bf8465906f8f9c979d976bd833d403af1c0d3000ad555420347794e6c4a4d

SHA512
08493c4400db8c9aca3219c01c906c5031f6ab22ab97b2d2968e673283c86ed4014a136f5f7d97967a5a307ce616d15551ea8d1888027e73995daeb8c3f9343e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\ServiceHide.Net.dll

Filesize
102KB

MD5
0b036ce556e8c7c403948068d810f32a

SHA1
3a9fa76153f498c52dec62aa796322b4319602b8

SHA256
fc9bf8465906f8f9c979d976bd833d403af1c0d3000ad555420347794e6c4a4d

SHA512
08493c4400db8c9aca3219c01c906c5031f6ab22ab97b2d2968e673283c86ed4014a136f5f7d97967a5a307ce616d15551ea8d1888027e73995daeb8c3f9343e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\ServiceHide.dll

Filesize
150KB

MD5
0d7c4de3212dac9329f46bb780eac784

SHA1
45c1cc1311c4cbe9e4c39ef48c44d854cce7ac58

SHA256
7ff7055e68fb43ddfda6c7c1e99dfd46b3b76654040dae920de0bb79b67aceb3

SHA512
7f556b23fbce587f5d5370c16337d63258a09333fe1a58fb0966cfd9d96029129e48a460de7b51d5fb561a9bea73bbdf9117c61e88d63aff87f36bd2bbb8fed8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\sciter32.dll

Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malicious_11bbb8ca0435040b0d6fd2e57e50f81c6d84f28edabee8c93e96e77483087e0d.exe_1691426278\Resources\OfferPage.html

Filesize
1KB

MD5
1b89a91596bb6a55b1d1359ddfa97dca

SHA1
b28458e2324405fefbd24d1e856e44588cc16bb6

SHA256
b14ff8b15860e373662c8fe25eb7f2ee2775e73a4c1f90b6b8485b085034ce4a

SHA512
e7f82533cbb00145afd9e6cab455e2a20a18d43438a6a7e1a68185a1b845b7540ae86a18baadd936773ac9b523f344a1a056ec965ebfdbba7101d535cea11118

Download Submit
memory/3020-171-0x00000000067E0000-0x0000000006802000-memory.dmp

Filesize
136KB

Download
memory/3020-134-0x0000000000670000-0x0000000000A5E000-memory.dmp

Filesize
3.9MB

Download
memory/3020-135-0x00000000054F0000-0x0000000005500000-memory.dmp

Filesize
64KB

Download
memory/3020-172-0x00000000075F0000-0x0000000007B94000-memory.dmp

Filesize
5.6MB

Download
memory/3020-187-0x0000000007BA0000-0x0000000007C32000-memory.dmp

Filesize
584KB

Download
memory/3020-189-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download
memory/3020-195-0x00000000054F0000-0x0000000005500000-memory.dmp

Filesize
64KB

Download
memory/3020-133-0x0000000075010000-0x00000000757C0000-memory.dmp

Filesize
7.7MB

Download
memory/3020-210-0x00000000054F0000-0x0000000005500000-memory.dmp

Filesize
64KB

Download