79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2023 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
Size

3.4MB
MD5

10465d0f0e7f4adfed0582dc9d3034cd
SHA1

a09363786002a72048eb2dae0e6e6f7f8b45b542
SHA256

79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc
SHA512

8b2de243f01259fc817579a35ab7b9ba11f1226c44074e20fb3ee4df2b5f40ac2ebc97f8db867b0088e642ba4c89adec0ee2816e35af0d0f5a9194bc0d799830
SSDEEP

98304:6SBn1aFVQ0ItRHX9/uO6Edwouo0a9PRI7h1FJK:31t0ahX9/uO6CwU0a95uK

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 13 IoCs

pid	Process
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2388	WMIC.exe
Token: SeSecurityPrivilege	2388	WMIC.exe
Token: SeTakeOwnershipPrivilege	2388	WMIC.exe
Token: SeLoadDriverPrivilege	2388	WMIC.exe
Token: SeSystemProfilePrivilege	2388	WMIC.exe
Token: SeSystemtimePrivilege	2388	WMIC.exe
Token: SeProfSingleProcessPrivilege	2388	WMIC.exe
Token: SeIncBasePriorityPrivilege	2388	WMIC.exe
Token: SeCreatePagefilePrivilege	2388	WMIC.exe
Token: SeBackupPrivilege	2388	WMIC.exe
Token: SeRestorePrivilege	2388	WMIC.exe
Token: SeShutdownPrivilege	2388	WMIC.exe
Token: SeDebugPrivilege	2388	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2388	WMIC.exe
Token: SeRemoteShutdownPrivilege	2388	WMIC.exe
Token: SeUndockPrivilege	2388	WMIC.exe
Token: SeManageVolumePrivilege	2388	WMIC.exe
Token: 33	2388	WMIC.exe
Token: 34	2388	WMIC.exe
Token: 35	2388	WMIC.exe
Token: 36	2388	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2388	WMIC.exe
Token: SeSecurityPrivilege	2388	WMIC.exe
Token: SeTakeOwnershipPrivilege	2388	WMIC.exe
Token: SeLoadDriverPrivilege	2388	WMIC.exe
Token: SeSystemProfilePrivilege	2388	WMIC.exe
Token: SeSystemtimePrivilege	2388	WMIC.exe
Token: SeProfSingleProcessPrivilege	2388	WMIC.exe
Token: SeIncBasePriorityPrivilege	2388	WMIC.exe
Token: SeCreatePagefilePrivilege	2388	WMIC.exe
Token: SeBackupPrivilege	2388	WMIC.exe
Token: SeRestorePrivilege	2388	WMIC.exe
Token: SeShutdownPrivilege	2388	WMIC.exe
Token: SeDebugPrivilege	2388	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2388	WMIC.exe
Token: SeRemoteShutdownPrivilege	2388	WMIC.exe
Token: SeUndockPrivilege	2388	WMIC.exe
Token: SeManageVolumePrivilege	2388	WMIC.exe
Token: 33	2388	WMIC.exe
Token: 34	2388	WMIC.exe
Token: 35	2388	WMIC.exe
Token: 36	2388	WMIC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 3748	2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe	91
PID 2268 wrote to memory of 3748	2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe	91
PID 2268 wrote to memory of 3748	2268	79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe	91
PID 3748 wrote to memory of 2388	3748	cmd.exe	93
PID 3748 wrote to memory of 2388	3748	cmd.exe	93
PID 3748 wrote to memory of 2388	3748	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe
"C:\Users\Admin\AppData\Local\Temp\79432025b8ea18da6c92dda02c8d7cd08b2815e3a2a21decef17ba5e1be28bbc.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\cmd.exe
  /c wmic diskdrive get serialnumber
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3748
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic diskdrive get serialnumber
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2268-0-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-1-0x0000000076B20000-0x0000000076D35000-memory.dmp

Filesize
2.1MB

Download
memory/2268-3875-0x00000000756B0000-0x0000000075850000-memory.dmp

Filesize
1.6MB

Download
memory/2268-5884-0x00000000766C0000-0x000000007673A000-memory.dmp

Filesize
488KB

Download
memory/2268-13069-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-13070-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-13071-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-13072-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-13074-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-13075-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-13076-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download
memory/2268-13077-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download
memory/2268-13078-0x0000000000400000-0x0000000000A10000-memory.dmp

Filesize
6.1MB

Download