d7c9089b5bdc59c4478cd081ccda8b4b2b2d018d836fa95dae39b8e7456fae7f

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
10-09-2023 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4.exe
Size

3.6MB
MD5

5f402b45d312bc4f55a64e12cf7ba2c9
SHA1

c78d625621195ea27216c79136b6b09a1896439d
SHA256

c99b88893104c1970f71c6086d2910072c2ed4eb09824a11dde4cf1f8f7aa1df
SHA512

1cdb012dff83624f8efd1b315c4cdd0ea51c2eb67858c930951f49e7758f20886359249b62c18b8b7bd43a4a3d0c76f85f4252059ea48915599c690d68571d5a
SSDEEP

49152:KA+kLL7LdMsste6ESz6cYHmyRtuGlsXbkKuLzsxtPZSbM820S:n30j6rmgtvlkysxRz

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 3768 svchost.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

4.exe

description pid process target process

PID 4744 wrote to memory of 2920 4744 4.exe curl.exe
PID 4744 wrote to memory of 2920 4744 4.exe curl.exe

description	pid	process
Token: SeManageVolumePrivilege	3768	svchost.exe

description	pid	process	target process
PID 4744 wrote to memory of 2920	4744	4.exe	curl.exe
PID 4744 wrote to memory of 2920	4744	4.exe	curl.exe

C:\Users\Admin\AppData\Local\Temp\4.exe
"C:\Users\Admin\AppData\Local\Temp\4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4744

C:\Windows\system32\curl.exe
curl https://myip.ipip.net/
2⤵
PID:2920

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3172

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3768-0-0x0000015BCC740000-0x0000015BCC750000-memory.dmp

Filesize
64KB

Download
memory/3768-16-0x0000015BCC840000-0x0000015BCC850000-memory.dmp

Filesize
64KB

Download
memory/3768-32-0x0000015BD4E10000-0x0000015BD4E11000-memory.dmp

Filesize
4KB

Download
memory/3768-33-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-34-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-35-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-36-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-37-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-38-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-39-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-40-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-41-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-42-0x0000015BD4E40000-0x0000015BD4E41000-memory.dmp

Filesize
4KB

Download
memory/3768-43-0x0000015BD4A60000-0x0000015BD4A61000-memory.dmp

Filesize
4KB

Download
memory/3768-44-0x0000015BD4A50000-0x0000015BD4A51000-memory.dmp

Filesize
4KB

Download
memory/3768-46-0x0000015BD4A60000-0x0000015BD4A61000-memory.dmp

Filesize
4KB

Download
memory/3768-49-0x0000015BD4A50000-0x0000015BD4A51000-memory.dmp

Filesize
4KB

Download
memory/3768-52-0x0000015BD4990000-0x0000015BD4991000-memory.dmp

Filesize
4KB

Download
memory/3768-64-0x0000015BD4B90000-0x0000015BD4B91000-memory.dmp

Filesize
4KB

Download
memory/3768-66-0x0000015BD4BA0000-0x0000015BD4BA1000-memory.dmp

Filesize
4KB

Download
memory/3768-67-0x0000015BD4BA0000-0x0000015BD4BA1000-memory.dmp

Filesize
4KB

Download
memory/3768-68-0x0000015BD4CB0000-0x0000015BD4CB1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads