9200a8a400865b02e3ed94fbaaf553bf6c7b52ee8d50fcc2671c2f41c1513812

Analysis

max time kernel
84s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

199668462be2edab3dccf4fd318cc672.exe
Size

3.2MB
MD5

199668462be2edab3dccf4fd318cc672
SHA1

36e228f9c499eb8a77eef9eec2fd7fa188c8403e
SHA256

9200a8a400865b02e3ed94fbaaf553bf6c7b52ee8d50fcc2671c2f41c1513812
SHA512

ca4216b3850dedca0a7cd92e0681cdd0bf2d7a5c5fbb1d364e8d2d7b103408567f56ab01f31e55cfb6992f07d505f82f0b242fd53a29f9934aaa9dac09e99eab
SSDEEP

98304:Z17NGWdUu8oibIXPkfqIkQ9n2N7HhyN2mTBNS:bBGWdU9feQQLhtE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1108	IsPublic.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4392 set thread context of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4392	199668462be2edab3dccf4fd318cc672.exe
Token: SeDebugPrivilege	4876	199668462be2edab3dccf4fd318cc672.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97
PID 4392 wrote to memory of 4876	4392	199668462be2edab3dccf4fd318cc672.exe	97

C:\Users\Admin\AppData\Local\Temp\199668462be2edab3dccf4fd318cc672.exe
"C:\Users\Admin\AppData\Local\Temp\199668462be2edab3dccf4fd318cc672.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Users\Admin\AppData\Local\Temp\199668462be2edab3dccf4fd318cc672.exe
  C:\Users\Admin\AppData\Local\Temp\199668462be2edab3dccf4fd318cc672.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4876

C:\Users\Admin\AppData\Local\PercentGroupSizes\opdgiur\IsPublic.exe
C:\Users\Admin\AppData\Local\PercentGroupSizes\opdgiur\IsPublic.exe
1⤵
- Executes dropped EXE
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\199668462be2edab3dccf4fd318cc672.exe.log

Filesize
1KB

MD5
f7047b64aa01f9d80c7a5e177ce2485c

SHA1
bab6005f4a30f12ee36b9abf6bfdfaa5411bbff8

SHA256
807356d2424d2d04f51ebd56f926d4d5a8318bc947c76569a3b5ca2c2f279915

SHA512
a9af5ace72eb66a6156a5d8764031cdc46feefffabb6898651f91a5af7f3bcef645e63e8d01ed35f1105e824d6830f6fa97e70adda2d5b148ffaff5f54ca248f

Download Submit
C:\Users\Admin\AppData\Local\PercentGroupSizes\opdgiur\IsPublic.exe

Filesize
1.6MB

MD5
48404f7b27744c3e5fdbc2aeff625ec1

SHA1
068e0cb991929d4a051ef8a9b4f6d1ea2a194a89

SHA256
6c200ccbf382d0ac1b6fc1b4cff7d6c657735697b64496f648cb19bb464b404f

SHA512
7c567754e1ea10bbba4b7ee95aaa176353e10101846b54410ffee423d56dd1d20c8ece8d965052a36ec30174de7b7225fa07ad1d2b60a0185806aa855da672e1

Download Submit
C:\Users\Admin\AppData\Local\PercentGroupSizes\opdgiur\IsPublic.exe

Filesize
384KB

MD5
35249c43856f5efa029b09e428f0ebc5

SHA1
99736098c4ca18dd58cbf4ab9017d46e9b0bafde

SHA256
4fddd5a32b14cb32ca13b803545cc9c2100e4c998a7a820773ed39a130e44f90

SHA512
be476ef52cb6535c649287c6b6fe163793bd28d0aea374f4f575a226e1d14c5fc0f77077c7a4610540380f05ef1d78b80c27465c01b1ac63488cca5989e1036c

Download Submit
memory/1108-2228-0x0000000075090000-0x0000000075840000-memory.dmp

Filesize
7.7MB

Download
memory/4392-1-0x0000000000230000-0x0000000000562000-memory.dmp

Filesize
3.2MB

Download
memory/4392-0-0x0000000075090000-0x0000000075840000-memory.dmp

Filesize
7.7MB

Download
memory/4392-2-0x0000000002950000-0x0000000002960000-memory.dmp

Filesize
64KB

Download
memory/4392-3-0x0000000004EA0000-0x0000000004F7A000-memory.dmp

Filesize
872KB

Download
memory/4392-4-0x0000000004FF0000-0x00000000050C8000-memory.dmp

Filesize
864KB

Download
memory/4392-5-0x0000000005230000-0x00000000052F8000-memory.dmp

Filesize
800KB

Download
memory/4392-6-0x0000000005300000-0x000000000534C000-memory.dmp

Filesize
304KB

Download
memory/4392-7-0x0000000005440000-0x00000000054D2000-memory.dmp

Filesize
584KB

Download
memory/4392-8-0x00000000054E0000-0x0000000005546000-memory.dmp

Filesize
408KB

Download
memory/4392-9-0x0000000005B00000-0x00000000060A4000-memory.dmp

Filesize
5.6MB

Download
memory/4392-10-0x0000000075090000-0x0000000075840000-memory.dmp

Filesize
7.7MB

Download
memory/4392-11-0x0000000002950000-0x0000000002960000-memory.dmp

Filesize
64KB

Download
memory/4392-17-0x0000000075090000-0x0000000075840000-memory.dmp

Filesize
7.7MB

Download
memory/4876-12-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download
memory/4876-18-0x00000000056E0000-0x00000000056F0000-memory.dmp

Filesize
64KB

Download
memory/4876-16-0x00000000054F0000-0x00000000055D6000-memory.dmp

Filesize
920KB

Download
memory/4876-15-0x0000000075090000-0x0000000075840000-memory.dmp

Filesize
7.7MB

Download
memory/4876-19-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-20-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-22-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-24-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-26-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-28-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-30-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-32-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-34-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-36-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-38-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-40-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-42-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-44-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-46-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-48-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-50-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-52-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-54-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-56-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-58-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-60-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-62-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-64-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-66-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-68-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-70-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-72-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-74-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-76-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-78-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-80-0x00000000054F0000-0x00000000055D1000-memory.dmp

Filesize
900KB

Download
memory/4876-1228-0x0000000075090000-0x0000000075840000-memory.dmp

Filesize
7.7MB

Download
memory/4876-1605-0x00000000056E0000-0x00000000056F0000-memory.dmp

Filesize
64KB

Download
memory/4876-2221-0x00000000056B0000-0x00000000056B8000-memory.dmp

Filesize
32KB

Download
memory/4876-2222-0x00000000057F0000-0x0000000005846000-memory.dmp

Filesize
344KB

Download
memory/4876-2223-0x0000000005EE0000-0x0000000005F34000-memory.dmp

Filesize
336KB

Download
memory/4876-2225-0x0000000075090000-0x0000000075840000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads