f7e6fb792dbbf7d7e438da175c4469f60406ff38710f6e0b061f47bf7c3c2936

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7e6fb792dbbf7d7e438da175c4469f60406ff38710f6e0b061f47bf7c3c2936.exe
Size

3.5MB
MD5

7958a5e43472392489da8be7584d287f
SHA1

0c30b31a227b18f935f7800697b2e68c2e0ab9d6
SHA256

f7e6fb792dbbf7d7e438da175c4469f60406ff38710f6e0b061f47bf7c3c2936
SHA512

39317f32e7a1862faed2a385174a5be3dcd62b6f0e517a3be88c87e936b18f47af57fe89c04da675c0fe80a489527a6198ff67f3c13b4cddabe3336464c1f95a
SSDEEP

24576:e5c9XEou9/juhloIeUkFFtkYrYpcQupVvq3bQ5W7lJvBs:vkm3bQ5W7lJZ

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4428	f7e6fb792dbbf7d7e438da175c4469f60406ff38710f6e0b061f47bf7c3c2936.exe

C:\Users\Admin\AppData\Local\Temp\f7e6fb792dbbf7d7e438da175c4469f60406ff38710f6e0b061f47bf7c3c2936.exe
"C:\Users\Admin\AppData\Local\Temp\f7e6fb792dbbf7d7e438da175c4469f60406ff38710f6e0b061f47bf7c3c2936.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4428-0-0x00000279A2C30000-0x00000279A2FC0000-memory.dmp

Filesize
3.6MB

Download
memory/4428-1-0x00007FFD6DC80000-0x00007FFD6E741000-memory.dmp

Filesize
10.8MB

Download
memory/4428-2-0x00000279A33B0000-0x00000279A33C0000-memory.dmp

Filesize
64KB

Download
memory/4428-5-0x00000279A33B0000-0x00000279A33C0000-memory.dmp

Filesize
64KB

Download
memory/4428-6-0x00000279C0550000-0x00000279C0558000-memory.dmp

Filesize
32KB

Download
memory/4428-7-0x00000279BDCA0000-0x00000279BDCD8000-memory.dmp

Filesize
224KB

Download
memory/4428-8-0x00000279BDC70000-0x00000279BDC7E000-memory.dmp

Filesize
56KB

Download
memory/4428-9-0x00007FFD6DC80000-0x00007FFD6E741000-memory.dmp

Filesize
10.8MB

Download
memory/4428-10-0x00000279BD560000-0x00000279BD6AE000-memory.dmp

Filesize
1.3MB

Download
memory/4428-11-0x00000279A33B0000-0x00000279A33C0000-memory.dmp

Filesize
64KB

Download
memory/4428-12-0x00000279A33B0000-0x00000279A33C0000-memory.dmp

Filesize
64KB

Download