3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c

Analysis

max time kernel
600s
max time network
605s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
10/10/2023, 15:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
Size

282KB
MD5

b02f4fc921150226d12758d8c86e16a4
SHA1

70d0ef0ed57b2f9a508cee5b3652060559ca0d67
SHA256

3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c
SHA512

d98bd244ad460b19e27eb2d76e53c2e84bd050aeaee5fcd3b3f68f9f6d07700441a32168042fde092414b4cb7eb3225a1e5cb3b6b4716ec1fd28bae0ddee676b
SSDEEP

3072:Uxhb2bLEmKFMbPvQnYA6PtIGU2fIetblhPp9Oaq+3PLXTFnM3/WJz0VeO6s:U2bL7KaPvQNGlxhPekjFnzzCZ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2348	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
2348	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
2348	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2348	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
Token: SeDebugPrivilege	2348	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe

C:\Users\Admin\AppData\Local\Temp\3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe
"C:\Users\Admin\AppData\Local\Temp\3309963bded5870306c80588776bbf779ea00479458e5ff1680626457e74628c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\text_log.dbg

Filesize
8KB

MD5
eea2c201e0bcb2ffb0843ac4c01c60aa

SHA1
22ae2337e92e4fd9f3fbbd044b46ff07a4ce3383

SHA256
96ba7dbddadea096a7208052e7eb80fc6349a199b005b52a9764dc469b0d67e9

SHA512
28c2234b69611b4962fd14424ebff9c04b0c43f1d4f9954e85243d7b202134889d95e8469e6cbd7004dd7d545e473741c76bb6c8a07e1de50e5bd618b5f0cf76

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
143B

MD5
84c61266c4df6d659cd04b9254b04b5a

SHA1
a2d3991b3605af9b28e478f27d23d4bd3fa17e72

SHA256
16c03d419d265d897fb7687921566db0132fa525e22deb4cba178e25c924e04e

SHA512
4ebf510bb6df60dd2a2de18cc62432ff450a1a49369579d42d5b289e8adca2cd6472ad7b28b05688517b91b5d0a3c4797ea2e345b2e0cbcfc170647d83a2f7fe

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
578B

MD5
d7a5c4ac69a390bd6f0756c4765b8a7d

SHA1
6f133e6c900075f4a4efb712f1b2a4b57d79a455

SHA256
d815575ad4bad1c6fc9009e6796c0963709000db866cd6affc55d742724985f5

SHA512
e04e550ad7ba8be46aa9fa668a4ffb58783f8d45b4ff37cc914fa243e28fe34050bfb6e1cbcb2756b74f38bfe039e4aaa22a347f64a57f217a06e6325d45bc9a

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
709B

MD5
bb8084ee6fbf9936828e126664e0178f

SHA1
d945ec884d9350581e9463f9d2aac941ee5e50dd

SHA256
fe6ed5a7b6cee261c9d2c7e47c00d28f3518e5d4b959582bb7867ae83833e909

SHA512
3fd8cf7ffbc98809f008d1f378a40c97d5d85babe02ca7dd5b703597eda8d39682374ddde0f2ee3582545d8a382a7e8a207b3ad2ae2a7a9e07d10e9cec8831bb

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
37B

MD5
332c5d73d6073bba7d87dbd2aa88681e

SHA1
0c98dd9971426b916b053870fe7c93ba02f9fffc

SHA256
37470e41f73e3e38638535a094b2387c8a6f4dbd7f194acc175899f5c1b5d5c4

SHA512
0ef306ae7607d2bb17accb26818c5101d05437b0f6bc89d9257135c36a9cd6daf9e1ea3594e394df18f0729151b8209780348c7c0d5b84b04422de3b091ff977

Download Submit
C:\Windows\Temp\text_log.dbg

Filesize
1KB

MD5
75f5061a3e0699a05564a12998ce36f6

SHA1
0025dd6e6b0a22fbb76b53f47d5d69a57cca975a

SHA256
d22a814f3df7b92b4676429ddc1f43d9bbea9096a335444197e975679cc50180

SHA512
a0e38e32b0100d58d79a0b7792580db2032a8e33892de37b955d99ab60cc48afe874ebbbec6b6367c04c252546e416e0a45d2aaf92f63eb5aa2c415b88dad952

Download Submit
memory/2348-682-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-687-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-674-0x0000000001440000-0x0000000001460000-memory.dmp

Filesize
128KB

Download
memory/2348-683-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-0-0x0000000000B50000-0x0000000000B9C000-memory.dmp

Filesize
304KB

Download
memory/2348-681-0x0000000001440000-0x0000000001460000-memory.dmp

Filesize
128KB

Download
memory/2348-684-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-356-0x00007FFE7BBE0000-0x00007FFE7C5CC000-memory.dmp

Filesize
9.9MB

Download
memory/2348-688-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-689-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-690-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-691-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-697-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-699-0x00007FFE7BBE0000-0x00007FFE7C5CC000-memory.dmp

Filesize
9.9MB

Download
memory/2348-698-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download
memory/2348-707-0x0000000002D20000-0x0000000002D71000-memory.dmp

Filesize
324KB

Download