bc8a7dedc9ad7186a0b16a61e0bf3a170e89f054b888df32e25d5dbf198fa2af

Analysis

max time kernel
141s
max time network
154s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/08/2023, 03:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

肖筱果_南洋理工大学_软件工程__大学成绩报表.exe
Size

3.8MB
MD5

6e61adc051bfc81df976f6866d80cac5
SHA1

2175c5aaffa7301b1ad4f6609ee7ea89a5a8d38c
SHA256

bc8a7dedc9ad7186a0b16a61e0bf3a170e89f054b888df32e25d5dbf198fa2af
SHA512

d6b85e63d1975bd2b1aa857368ee0dccf91ed18ab7ab86d1988f2dff4b388004becd7ea8e7a93f4ff69108a2793510f2347f26c41aab3f8202f2099e5e7c8b04
SSDEEP

98304:0a4x2hXK0qbkCu6xn0d7q6c9SNKbp3SoWaG35KehxfZO:07YXK0qbkQmd26c9SN+p3SoW9Uehx4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3012	nvcontainer.exe

Loads dropped DLL 1 IoCs

pid	Process
2572	肖筱果_南洋理工大学_软件工程__大学成绩报表.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2572	肖筱果_南洋理工大学_软件工程__大学成绩报表.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3012	nvcontainer.exe
Token: SeDebugPrivilege	3012	nvcontainer.exe
Token: SeDebugPrivilege	3012	nvcontainer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 3012	2572	肖筱果_南洋理工大学_软件工程__大学成绩报表.exe	28
PID 2572 wrote to memory of 3012	2572	肖筱果_南洋理工大学_软件工程__大学成绩报表.exe	28
PID 2572 wrote to memory of 3012	2572	肖筱果_南洋理工大学_软件工程__大学成绩报表.exe	28

C:\Users\Admin\AppData\Local\Temp\肖筱果_南洋理工大学_软件工程__大学成绩报表.exe
"C:\Users\Admin\AppData\Local\Temp\肖筱果_南洋理工大学_软件工程__大学成绩报表.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Users\Public\Documents\nvcontainer.exe
  C:\Users\Public\Documents\nvcontainer.exe curvy-accouter-missing-broiler
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab2BE3.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Public\Documents\nvcontainer.exe

Filesize
3.8MB

MD5
2703703afc78ce3131bdd6a73b40c29c

SHA1
c4737449d780fa9c4eb0c901a59a3e3b651ad5e2

SHA256
5384f1cb7589d854b72a62f3cd77bae3ff4cdb4942d71a4506e1d189f6dfa1ae

SHA512
da8824f8d41d3d54d2f99a272c0d257d587fb61c6a15adc0238cdb0a6cd18345c36f6175d74ceec79fdf197e306e0ff453644c43be7e9675ca30474e02d848e1

Download Submit
\Users\Public\Documents\nvcontainer.exe

Filesize
3.8MB

MD5
2703703afc78ce3131bdd6a73b40c29c

SHA1
c4737449d780fa9c4eb0c901a59a3e3b651ad5e2

SHA256
5384f1cb7589d854b72a62f3cd77bae3ff4cdb4942d71a4506e1d189f6dfa1ae

SHA512
da8824f8d41d3d54d2f99a272c0d257d587fb61c6a15adc0238cdb0a6cd18345c36f6175d74ceec79fdf197e306e0ff453644c43be7e9675ca30474e02d848e1

Download Submit
memory/3012-57-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-59-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-60-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-61-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-62-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-63-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-64-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-66-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-65-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-67-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-68-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-69-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-70-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-71-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-72-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-73-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-74-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-75-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-76-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-77-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-78-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-79-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-80-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-81-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-82-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-83-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-84-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-85-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-86-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-87-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-88-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-89-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-90-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-91-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-92-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-93-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-94-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-95-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-96-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-98-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-97-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-99-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-100-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-101-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-102-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-103-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-104-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-105-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-106-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-107-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-108-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-109-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-110-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-111-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-112-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-113-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-114-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-115-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-116-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-118-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-117-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-119-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-120-0x0000000006030000-0x0000000006083000-memory.dmp

Filesize
332KB

Download
memory/3012-285-0x0000000032B20000-0x0000000033108000-memory.dmp

Filesize
5.9MB

Download
memory/3012-286-0x0000000032B20000-0x0000000033108000-memory.dmp

Filesize
5.9MB

Download
memory/3012-482-0x0000000032B20000-0x0000000033108000-memory.dmp

Filesize
5.9MB

Download
memory/3012-483-0x0000000032B20000-0x0000000033108000-memory.dmp

Filesize
5.9MB

Download
memory/3012-484-0x0000000032B20000-0x0000000033108000-memory.dmp

Filesize
5.9MB

Download
memory/3012-689-0x0000000032D40000-0x0000000033328000-memory.dmp

Filesize
5.9MB

Download
memory/3012-691-0x0000000032D40000-0x0000000033328000-memory.dmp

Filesize
5.9MB

Download