5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08/10/2023, 13:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553.exe
Size

15.5MB
MD5

5e68e523c2494f6ceec7eb670b7e52b2
SHA1

67da412143c1f60d74086a0c50fd9f56ff905a17
SHA256

5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553
SHA512

d9567af7220521646b0272bd8f27812b307b2d288b49a0813f4f88eada9bf1d83e88740a063b62a8bc8299991ee5c9e04665b56dfe49a7b8f405898df5a1f212
SSDEEP

393216:7i3hBtstoOXxV5SKbXqL0ULQLgVinP9abJ4i6mQnm/:GRMtoMxV5SK+L0ULQCiP9bpm/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3228	proxy-setup.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3332	5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 3228	3332	5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553.exe	86
PID 3332 wrote to memory of 3228	3332	5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553.exe	86

C:\Users\Admin\AppData\Local\Temp\5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553.exe
"C:\Users\Admin\AppData\Local\Temp\5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Users\Admin\AppData\Local\Temp\9D8CA359-C86AEBBC-9E8CD923-C6903A85\proxy-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\9D8CA359-C86AEBBC-9E8CD923-C6903A85\proxy-setup.exe" /distribpath "C:\Users\Admin\AppData\Local\Temp\5a58e5378bc914b4c68daf91c8f6e4ee665c71329020df46b6b777de39b69553.exe"
  2⤵
  - Executes dropped EXE
  PID:3228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Doctor Web\Logs\win-esuite-proxy-setup-starter.log

Filesize
2KB

MD5
5673832876b7f8ebd07bd5b6a5d0ebef

SHA1
e6a6072bcf23634c9e67231a18766c1e867d1472

SHA256
c3f0d8de6f113118fd81c75ed3d9b2d31473793763b0564c4ee29751948f66a7

SHA512
a38b30fd70638869fe3ef34323ce2b10db68a12ea8b223ba4e39b2c6c6d9b1a1c7e9cc8c51cb0cff02239f7e5b13ec6552d1609a75fe3cdcbc138f13bd7c6805

Download Submit
C:\ProgramData\Doctor Web\Logs\win-esuite-proxy-setup-starter.log

Filesize
4KB

MD5
be86e8bd4820ef7b9c0332c663b82432

SHA1
48d16ae30ca476a493dfb56bbb701e24ba967b95

SHA256
8989cf6a1535407f5d22bfe8d4eee0e6ad251096a10b57519267a8f27869c07f

SHA512
58ce63bb899fa7fda620d9c89c65bbd510ccaec16af0089f8b5dbfc136500581a0b490b78bab5f545cafa3fbbb2f6ae9dfde7d763550fe2593b58741258d9687

Download Submit
C:\ProgramData\Doctor Web\Logs\win-esuite-proxy-setup-starter.log

Filesize
1KB

MD5
bd1cf999fd8f9a6f79db8163f2614dd8

SHA1
c84f981a6c7101f23c30c94edd499e39bffb9664

SHA256
334a96e4efdb894589dbe813ad51972a99bf3f1e46b0061720dcc7a30e45be57

SHA512
fbf9f1e050540cd3c3deb384ca0a7c76ff7d525cc858409217298072641e2b37d61ec230202ee9b0e12cc8eee02cce1536b4c88ecf78a011bf2ce296907a25df

Download Submit
C:\Users\Admin\AppData\Local\Temp\9D8CA359-C86AEBBC-9E8CD923-C6903A85\proxy-setup.exe

Filesize
7.3MB

MD5
e47fdbcf38ff116195bb4b7ffe23cd84

SHA1
79ba74acddabb5706f2ab4f3f918baf7b9f1cf67

SHA256
08c5b2d14c5dd72c1b85ed622ca38effb5c749fcd2397664fc2054ac58c5d510

SHA512
e8b0196fd153040e1d850eec984488301cd737eb31886396bb5544d6acbf9b7902d49850ae7c744051f4edc28b8956714a185b841b75f820d661c455c7976126

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads