3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c

Analysis

max time kernel
598s
max time network
601s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 15:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
Size

282KB
MD5

b02f4fc921150226d12758d8c86e16a4
SHA1

70d0ef0ed57b2f9a508cee5b3652060559ca0d67
SHA256

3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c
SHA512

d98bd244ad460b19e27eb2d76e53c2e84bd050aeaee5fcd3b3f68f9f6d07700441a32168042fde092414b4cb7eb3225a1e5cb3b6b4716ec1fd28bae0ddee676b
SSDEEP

3072:Uxhb2bLEmKFMbPvQnYA6PtIGU2fIetblhPp9Oaq+3PLXTFnM3/WJz0VeO6s:U2bL7KaPvQNGlxhPekjFnzzCZ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2296	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
2296	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
2296	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2296	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
Token: SeDebugPrivilege	2296	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2296	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe

C:\Users\Admin\AppData\Local\Temp\3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
"C:\Users\Admin\AppData\Local\Temp\3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\text_log.dbg

Filesize
88B

MD5
0e4286d8d1a8612da0c589f01e2fada4

SHA1
ab60d3f714fff07788fff45508b169bc9565822a

SHA256
dfbec6d6fdfbd96fc22ddbb75acc0b6ae38e433d19bdb5f8421fbccd4767dda8

SHA512
13b28cfa900ad50bb6a106de7168f3de92b302943ece2ace536bd0038d4df76cf5bf31ce637326916465036928fc93800144ae641354baccee26cf8d2b937e1d

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
2KB

MD5
99f170c535ea631644bf137020148f30

SHA1
214908e59504763d67d9edadb5b5ee67e0cecca7

SHA256
11aec63473891750a1917d2859a57090dc7000ad9918e5e904bbffbaa6ab7673

SHA512
e136c4d88494ea53572a33b0c3fb8739d0b54d50400eb0c3028b72c16d45d26a6156373b3cddf080591343c15f836c818b17b2fc7be13af3c087957a48e4d3e4

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
2KB

MD5
3a71436d55fd3247707886adda23c3a4

SHA1
f059595d58acf41a466d3f51ecc17b1b42ece8ff

SHA256
50e96310375d13d45544cc6efef1d565ceb16bd5e0f5b337ac3dbd9fd2d648fe

SHA512
941a8bcabbf54bc0c78182b4fea88e118de3948dd75d9f5bbbd92dc3de7905e854a8d97939f0e254b40fa04a828ccc8c40ccd05181bdb4e3b1c0c8b57cb7401f

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
2KB

MD5
ee1217633e9d6ee761392f5e0f3c7add

SHA1
a2ddebc2f73c6941e5b82fd6aac6d0a1d6c18ed5

SHA256
42dc835c6531df7bd16b6179737205555a76439b9357edec35c492e811450f87

SHA512
14513e4684406d78a730646238d852cdb81600aaad503cb1ad12435ac2deb7bf89aa31db124dce2dc98c44288f3fbafb04afb505b17a7327d6e0f52601de22bb

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
2KB

MD5
44c8abd78daa0c4ad1a6fc39cb297691

SHA1
0d111df0eb22565d448cf81a27837598dfc89aad

SHA256
1ba547dd6f6c2688249118c56ff56b9e2a9059b871938422b204c1f378ee3fbc

SHA512
1b273f986dfab0177262757a911066b636e7270d7361a23130a9ccd8f89b052fdf7fcdd9e4de57ae209fb8a70f6ea4624fdbfec860768a9f91c574ca378a5fd4

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
3KB

MD5
0f23551a0c1c6ba69c47bd4975756d47

SHA1
a7e5bfe2eb4e0b76c876ce51b2996fa169f849df

SHA256
fbdf8c7de36f48760542193b5f200db70596f9a12077860537e4624e66c14272

SHA512
122c1dc3820e657b23b08191c90e925ff400f1acab34b8d29cf5573f8710a63b9bb4b637e1885b6743c84e11249602dbc6177a9d3825bba7e415cd6f61a619d1

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
4KB

MD5
123ffaddf3b2deb47f6b8b068790e28e

SHA1
00291356d0d80b19765ad4ae309cc20cad6804d1

SHA256
81ea9cf3d33f160d87110db9d4e7d49674be8f45f7b17f21c5549490c21811e6

SHA512
427ef798ee6032002dbca8bc691e91f3021b93014bcfa6f85b3157ea94ccd48fe4df91ff7c549d941c303a9a8b63987bf8f269604536d39e5f35db9b5a749f5e

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
37B

MD5
332c5d73d6073bba7d87dbd2aa88681e

SHA1
0c98dd9971426b916b053870fe7c93ba02f9fffc

SHA256
37470e41f73e3e38638535a094b2387c8a6f4dbd7f194acc175899f5c1b5d5c4

SHA512
0ef306ae7607d2bb17accb26818c5101d05437b0f6bc89d9257135c36a9cd6daf9e1ea3594e394df18f0729151b8209780348c7c0d5b84b04422de3b091ff977

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
951B

MD5
c3770c692eac124d0fcae6a42fee2bd1

SHA1
29fa78b8707efef4ac2adb5ea8c3a03722af1aaa

SHA256
333effc3b4a6fe6742edc240dd2fd4324532b18695326127ce00015d10fc8212

SHA512
6a285ab29c89f683a8581777398a63ce7052244a048339f9b3a186d322b490d50300523289c67ca3632af25a8fa97df964c01d3578f4965442310801d7cc24ab

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
1KB

MD5
ef1cf4d902eccfdca5308c723379f08c

SHA1
c79265728ff39c2125f911742adab350cad56393

SHA256
5bc577c094b2963df22b696f1d85a4516ff0e334d9102845aa21015ae6feefb7

SHA512
178437f440c14d4c83b0f8df1de466a8bfc9a05e28c370750847b5a7193c03a9972b216e64c7f471c3e363b1975c95ba7735e2a4e4a1d61b98e7f2c49c849142

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
1KB

MD5
8a7f2cab823b85b0e99c8a20cdb19d8a

SHA1
897041bdd9c5c55a15963d37612cb8001969451b

SHA256
887b0142a65219830190127d713a83bc68815f106112909d6e4410e84e20267a

SHA512
ed874a49d7de8d8b686935fe6ac7ca7ebbe5d3a6eeff9fd4d79890a387be0fcbd301134e5a2fd27b20e9fca8821616480f773ece6ad5bee7877ea35f38ca2d0c

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
1KB

MD5
434faf23b8d649e90ede1ad1241bb952

SHA1
f292fa52bfc53bc0e3519a098c51cf6ccf08712f

SHA256
e931510601965113f2658f6f8c79801376b617aec9f90008d7a5927373b84d15

SHA512
e6ebdafd1fb9d72196fdc64aaff23de6c8f3eecf6982f97cafadf70ecf7a79a280a04c0646f7ea949b2d18512a02e8bcd77c28200ed94e272200b8b2c2a02a88

Download Submit
memory/2296-681-0x0000000000560000-0x0000000000580000-memory.dmp

Filesize
128KB

Download
memory/2296-690-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-674-0x0000000000560000-0x0000000000580000-memory.dmp

Filesize
128KB

Download
memory/2296-682-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-0-0x0000000000CD0000-0x0000000000D1C000-memory.dmp

Filesize
304KB

Download
memory/2296-683-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-684-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-685-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-687-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-688-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-689-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-19-0x000007FEF5AA0000-0x000007FEF648C000-memory.dmp

Filesize
9.9MB

Download
memory/2296-691-0x000007FEF5AA0000-0x000007FEF648C000-memory.dmp

Filesize
9.9MB

Download
memory/2296-692-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-697-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-707-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-698-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-710-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-721-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-723-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-724-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download
memory/2296-727-0x0000000000580000-0x00000000005D1000-memory.dmp

Filesize
324KB

Download