9218c686c937fa977fead2e644b196b80b7a2e46ceba9ac924f75361361c755d

Resubmissions

18-09-2023 22:30

230918-2ezjhsfb97 3

18-09-2023 22:26

230918-2cjqaach9x 6

Analysis

max time kernel
15s
max time network
15s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
18-09-2023 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4RTools.exe
Size

3.6MB
MD5

cae68bd7b5874246f8eb0b3f54ad39e7
SHA1

73a59f80e6b138cd0dc6d3b278a162ef9954b987
SHA256

9218c686c937fa977fead2e644b196b80b7a2e46ceba9ac924f75361361c755d
SHA512

33c411cd2a5b07654596f783f30f602884c4c35852301afd784b6e62db27def2f032b146dc630784ec562335ee29678ec3a419e70ebbbdaae9e7233224a82dae
SSDEEP

49152:/vQZKTcBEOB84ke4Auyj3jQEta+xWw+W7SCBiVyLWw:/vQZScBjB84k2QcJ53ig9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2232	4RTools.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2232	4RTools.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2232	4RTools.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2232	4RTools.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2232	4RTools.exe

C:\Users\Admin\AppData\Local\Temp\4RTools.exe
"C:\Users\Admin\AppData\Local\Temp\4RTools.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
2KB

MD5
f30a129678960c58fa7da56dabc30b3a

SHA1
f32cff754648aac5f7adfb9ec0a6f828bda2b7d0

SHA256
14f85f75d3fd2d4585ae90401cf4fc80964c4ef36820ad13e104744b07b00bf1

SHA512
2856a4779625474a13ee3b6d2e6fb46b2bb6f7bf2c4d3e00a76b59c2d262324c70d37e7e28afd671f59e393208bb18d38a0542bcb7089c79ab8af7d56e13c385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
2KB

MD5
cc6b55ad77c04b9ee988952880092d58

SHA1
2995c9c1853fdb16c90ba9d56c111fe95064c8e3

SHA256
96dffef267e908cfd6b171e1261249bd0469a1f9b009e45b2ccba8dd11fed40c

SHA512
6980686bee112cfb77a94abf6e634f96949943d0b963f99fcd40ce27a0254a38a3bd58e39fbbb380fc238e2a2c206bb7537f70335a1e498f6f0dd1dc930e76d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
2KB

MD5
ad152c1b947423a949123808ac756503

SHA1
4441465569bb31b89498f8e80eb8c47c2ccf10d2

SHA256
33518bc1573a25ea2aa9345c72f7d579818a054726b157c83bd0b1115d69e65c

SHA512
1d422af69d526a483f12abb7e7789bf6073b0983b8b4f46f87c2218ff83b4936b5bc2be71cb85db423b595d1cfc329a14607186155dfe52823aa78324ac67100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
3KB

MD5
64586fec9b884249ffeb859996f7d0f6

SHA1
c37d3d8813b83d257705b5bbe5c2537462b924bf

SHA256
b9f3dd7b3dee21569b51538f86e175fcc243632f1520fd2db539bc49ddf9da58

SHA512
0e245ae71445b87d8b55241ad103853477671fa6912d59b50f8aaff60f2e472b9ffa74017a616dd9fd1379952e9190306030464f78c1911c86ab14d81849d208

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
3KB

MD5
06aea71e3074bef5ed3740b525a91810

SHA1
c7e2397695a78d13d50969cdc96eeaab95574ccf

SHA256
7a4a35723b9272f760d04a45f78cf00902befcce8dac32950608d497c7884c03

SHA512
96c7dc134b9ddb5f7ede014a28a0ad060974258acfaba610fea09eafb0603251540acf37aff22af0c39fad07fe2d0937aba5c939dfdf3c0c09efa11f82f7e1cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
3KB

MD5
32a42b496d78ad5145874627e6cc0b4a

SHA1
7e1be294d453a0187660877961e7126f7c7b1fed

SHA256
5318922f149e6e7240704672b9658626cd2394dc85dc98384e2295fab80b4577

SHA512
9a16a04e6fa4982b6cfe027e044b3de1f8a44e00427e8b3ccf868dc4443f8b99d5e6c8385406f6449fdd9b98c89943ef92bc4c09f594b6a9114c661cc1a784b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
3KB

MD5
d41894f0cb2a211cf5df33d63b075e1e

SHA1
48a4a12c37e621cfec71fede840754034daf859d

SHA256
1225279a7a20434ea23444790ec381acd2e37926d6856982acb6c7145b53dd71

SHA512
dd88a85e1c008b689e726b3af6f10a2f839958e1250035512e7b54a4008b1f631733838d7cc522b3896c63e5a8d9b3ccdc810484cf087c2fb130aa2355b44a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Profile\Default.json

Filesize
4KB

MD5
365e59df78b337fe2e32126bceed16b1

SHA1
0429f292ffe414e6e569e119a3696ab74cb3e151

SHA256
317bb37cf01867e1e8ef4bd1b571172456d49b4addc631cf9a0a2e58aa1a726c

SHA512
040fbae2516de9a50bb7cacfa40c62ef759ab391a2e4ead796f5587dfb58361e4b8b265aa2b8aa30c3a912d315078b45cecf9e9c992df26afaeac5f692086d39

Download Submit
memory/2232-1-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-3-0x0000000005110000-0x00000000051C0000-memory.dmp

Filesize
704KB

Download
memory/2232-2-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2232-0-0x00000000000D0000-0x000000000046C000-memory.dmp

Filesize
3.6MB

Download
memory/2232-7-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2232-4-0x00000000060F0000-0x00000000062B4000-memory.dmp

Filesize
1.8MB

Download
memory/2232-6-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2232-447-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-448-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/2232-449-0x0000000074BB0000-0x000000007529E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-450-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download