357d5e993e6ff9d91b2c49d4bc01a0aea465b737c0e8bc21b4cf21ff1a6824bb

Analysis

max time kernel
564s
max time network
593s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2023 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

labymod4-installer.exe
Size

4.5MB
MD5

ff808f2bcef1b2d33eeee8678fa2c42d
SHA1

c1f640a45ee396f4dc70bb50ead02b0899a66122
SHA256

357d5e993e6ff9d91b2c49d4bc01a0aea465b737c0e8bc21b4cf21ff1a6824bb
SHA512

dff690c735b63fcadb0f981f792eed77f7c5af58b0f11f03d365bf3b75da04fb2898d48ab6621e979f5a81aa27856ddedef0949ef2e9bc1dcc98daf98b536b87
SSDEEP

98304:q2RqljXnSurf6OJRF1/o+tBOS32jXaq4LVTgIp+LD/CQKLSPq:qZdNVo+t72jXuZGCNSi

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9D129308-AD72-490F-99F8-C815E0D81FCF}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2836	labymod4-installer.exe
Token: SeManageVolumePrivilege	4832	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2836	labymod4-installer.exe
2836	labymod4-installer.exe

C:\Users\Admin\AppData\Local\Temp\labymod4-installer.exe
"C:\Users\Admin\AppData\Local\Temp\labymod4-installer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4324

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2848

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsu4544.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
f5afcf4c8f35e970d6e319a63ab43eb2

SHA1
7c46c2a8fcf7e42c208b83917097f9725c533502

SHA256
4e426ea50ad5d586006be30cbe9e00c7e358a6286731735e1e0192778be2b1f6

SHA512
a4d2ad9b001f5cf842092e75b673c0975c798c982e48f6dc09ccca4a95182e24e9813b57ef6fe6dc9b8c65528e1efd5e717b001dbaf63aab59124b666fd6b172

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
a6892da14d80989feb9cad1aba8f6056

SHA1
e41758afb5f59be2302ef3190885c64addd4d126

SHA256
2df73ff005802aaef67d2593b15d682c5a89893c452b2e501496ce562b917b9e

SHA512
234cbb35a3a7bde09a47272f1ef864ec579aa8b84103c358b695cecd72599490bc8088f89cda1a25ddd773ea44b61aa752676ef5d3708af96cf0733326bd4c42

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
0c0194be222daf2b52e6c0ac577c67e2

SHA1
8b6e4ca3c2cbd417be3804a30dbc762ec2076e9a

SHA256
d41dcbd5530430697a61e7a4182617a9fc482006447537aa45eaa60131c96bb3

SHA512
2ed9bfb0ef9735e1b18aa5e5754ce04d55735b54b52538a009b084875fd1752099f46f56e1863d6d2686fafd2a87d79408b2b397f43bdf92104bd6415bebc232

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
f912211f08763616c7db47178802cf51

SHA1
3cf9c9fa32cee5b3b9908d777aea3ad6afa17f4f

SHA256
d13665ceb4a37d9bf4702ec6492d416c704e86d7f692c47abf9bfee1173ed8a9

SHA512
f74271e7aa83c80a8e5b957659e460a306cd5127618540d1ac1a0300d19141658d572d2a614d6747c76f6565c2637b2f6e64743ee516a59bca7d0bd58992b9ae

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1b5a164a80a76939c47ecf45401fde86

SHA1
7448c5e5e81faffc0687f9f68c78612dceb9f98b

SHA256
d9c88c2208e9f98654c43f8c8581e40b7c6eed4c00e6e78bd48554747f0d1fa0

SHA512
9cda0a7cc8fdc79dcf8b3f5e11e108fa308e96da5b3f67d800cab8b94991c7e47257ec85a106c52b2c3782fbb7805ce854cf6edd7c08eba6f9f96ff9bd4e56ca

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
21cbccc451b4c19552fb56f7e74ed322

SHA1
cc197b7ee6e9dee4147518e59d741ce63caefece

SHA256
c920a5a116c57d210bf85ae44c3a892679bb5d16a0c0b454c408578934b4c48c

SHA512
27da168c8ac155d543a4e5b933569f320b1b771ef70f82abc6ac10382d7b73eefc556e14da18c33a597a8113b564f2ea82011ee9981f35f407be915ed15929b3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
fde09e30ad9623a8811360c438918d34

SHA1
c574d468b5fdc465981334d7d9c68655e25ae4a9

SHA256
a782c46254d2c50ee95b9b543988843993af35155ed6a569fc3d8123c49b74d1

SHA512
883c41714c571a7a3fabe733a76073d0f3bffec4fcccd57aa4e55afdcbda87a445f1c7a4993f23336b097e824a24bc063bfe3a84f63402949b3e3299e14b6f88

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
0be7fc810d7e1fa1a290c66ed16eab84

SHA1
44f1e134407ef1c996544552472bea8c509d17d0

SHA256
3f78dbfd52c4429b51fcfb86cabf2cac256543869487b7d7a74b982a82c94d3a

SHA512
bb20e0a695836e1b4d3a7d2b708b51538819a2af579552b3ec00264d552cffcd7f7e75d5a68f5eed061960e5643bb7777d0cd87696a039307003d9922637dd8d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
470fdb92c5562a4070a1100ae1c1d952

SHA1
29f41342fd591101fff8723b844495e968aaac5c

SHA256
13fc5bf17d52b5463e90e777ea4a4cfaa1f0a915db9336545aa092384d5acc2c

SHA512
3707188bbd15467fe9b0e6af494f0d2ca5e703c1e9aaa1937fa578ad6368ee6049ffab256ef77459683b47a3beb9c1d3e4ad419d441013cb339a377ccc780480

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ef6df42e4cfe4dfa8f6d1d1a98b3c718

SHA1
bdae5d3380a75dd8166346ed1e2e47279df0b4e4

SHA256
bda2dfb56a5299e66be6fe7300e6256c1ba72a187bf05259a8609563a24c92d2

SHA512
6c21a81578f36d367fb6ec025810ce0ef766b0f41340137833ae311e31eac66a75becbcb8f9f419b38243c5b87b4fe31f87b1eac75017cae61994925f15af9f3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
a6262ab4f9e8c8faa874c6b1ab430689

SHA1
dc39c3f01de3e15bf018c8ac52f0e951c9e5c77d

SHA256
64c83b46ed24d776b9e61b8b09d68039a1cbc6bee64e4b1f7da1e1d309fc7dd1

SHA512
c059a8580c5713f2b2bcc481ac68ec91ccbbf28b701fb8fbd7111a8690a5ecc5adb3e671ee669a7d6929914453468392c3d881244d2411e1b0060a159afcf34d

Download Submit
memory/2836-145-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-146-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-147-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-133-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download
memory/2836-144-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-143-0x000000000BB30000-0x000000000C2D6000-memory.dmp

Filesize
7.6MB

Download
memory/2836-142-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-141-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download
memory/2836-140-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-139-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-138-0x0000000005460000-0x000000000546A000-memory.dmp

Filesize
40KB

Download
memory/2836-137-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/2836-136-0x0000000005300000-0x0000000005392000-memory.dmp

Filesize
584KB

Download
memory/2836-134-0x0000000000430000-0x00000000008B4000-memory.dmp

Filesize
4.5MB

Download
memory/2836-135-0x0000000005810000-0x0000000005DB4000-memory.dmp

Filesize
5.6MB

Download
memory/4832-549-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-556-0x000001A153AA0000-0x000001A153AA1000-memory.dmp

Filesize
4KB

Download
memory/4832-547-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-548-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-545-0x000001A153E50000-0x000001A153E51000-memory.dmp

Filesize
4KB

Download
memory/4832-550-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-551-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-552-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-553-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-554-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-555-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-546-0x000001A153E70000-0x000001A153E71000-memory.dmp

Filesize
4KB

Download
memory/4832-557-0x000001A153A90000-0x000001A153A91000-memory.dmp

Filesize
4KB

Download
memory/4832-559-0x000001A153AA0000-0x000001A153AA1000-memory.dmp

Filesize
4KB

Download
memory/4832-562-0x000001A153A90000-0x000001A153A91000-memory.dmp

Filesize
4KB

Download
memory/4832-565-0x000001A1539D0000-0x000001A1539D1000-memory.dmp

Filesize
4KB

Download
memory/4832-577-0x000001A153BD0000-0x000001A153BD1000-memory.dmp

Filesize
4KB

Download
memory/4832-579-0x000001A153BE0000-0x000001A153BE1000-memory.dmp

Filesize
4KB

Download
memory/4832-580-0x000001A153BE0000-0x000001A153BE1000-memory.dmp

Filesize
4KB

Download
memory/4832-581-0x000001A153CF0000-0x000001A153CF1000-memory.dmp

Filesize
4KB

Download
memory/4832-529-0x000001A14B860000-0x000001A14B870000-memory.dmp

Filesize
64KB

Download
memory/4832-513-0x000001A14B760000-0x000001A14B770000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads