05985808b74397b92d38a6746eae1511c40a30c9359b068d95981afc3e830636

Analysis

max time kernel
156s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ABCdistive_th2a1.exe
Size

66.4MB
MD5

06c82b48e32820c364e29154c2712ab7
SHA1

b66b4b06ea02f4278ca0dc9834b96ae92092057a
SHA256

05985808b74397b92d38a6746eae1511c40a30c9359b068d95981afc3e830636
SHA512

17f4580cae3d5edff09a7f30a78463b749a6ddbb1f68beba5318e73dc2688955edeeaf99bd07a55de5e72256b799ae035fe6a974726b912376178d4f9e54368d
SSDEEP

393216:w+t/msxPOzdZsnoFI5yKrs11tVTKLb7NrzAmqreMZHpoaE7WbUgXPmcxpR7h5yXZ:5/W3lKuTKLb7lNU9DqV7/FFqs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe
3548	ABCdistive_th2a1.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3548	ABCdistive_th2a1.exe

C:\Users\Admin\AppData\Local\Temp\ABCdistive_th2a1.exe
"C:\Users\Admin\AppData\Local\Temp\ABCdistive_th2a1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\Microsoft.Win32.Primitives.dll

Filesize
21KB

MD5
2819e49590702c7d5b25e5193f3d878c

SHA1
a8b40565b87f00396fd3da3a53b0ee05181258d2

SHA256
34d907731ad4fa3c4aea0cebf231b76d8f692bef981e1b80d32674cbfc43870f

SHA512
65d3595e791652f9a7a450a699ae894394d84c9c59ee768539b1ff0397a5ef743f711c7e352e4604b3b7d585b3508eebbd05b95ce73a433d5eb0e4ddfb40c261

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Collections.dll

Filesize
324KB

MD5
8809a9e2be8fb2e615bf938c0bcf3d92

SHA1
25cdf1536f2282303b2cfa5767751673236858bc

SHA256
01b94c8bf90a85c7529121e9e4ebaf3d8f6201947bcac758e205a6ca95af2182

SHA512
39e333b8072423374de5f794517cdfc8591c4e11db05b9d37c54d45cb5dcb598b4d4dcf25c1619c14ef0a3718da89ba5124b6820ffff43813016a3c669609c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.ComponentModel.Primitives.dll

Filesize
52KB

MD5
f2804d03f0c58d77d4e5b40eade26fe3

SHA1
6f5ade6b0e95a7047b01857ef152f9f5d27af787

SHA256
04db98d67bc5aa661671ee2a25f616dc2573fb41bafb91719ee29b39c4ce5d07

SHA512
895639b51d90ec47f22ca54c350609e14500ab0a34a6f59c8861526dc9b396efc3206980d3a8c1a0e18b7edeb928738b6e7f24d19be459e85475857b155d6529

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Diagnostics.Process.dll

Filesize
251KB

MD5
0aa70e40569159b46282272d8c80fce5

SHA1
6fa6bf4617bc3f66bbee28c8b0c790720dc5ed18

SHA256
5446e4fa9dd87fa91f5db8feca2a07b10df432902d2ba2506bc9ab09dae7a03e

SHA512
5c38c83c220ce7fd832cfc32ce19472546a13495c6e1f4dc1c036e96872208aa71d171dc5fcca38fc7951e8b4d35f9ca8dc3b67210be0b1d828182200bc736fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Memory.dll

Filesize
176KB

MD5
307413c58da45b5ea19c9837cb769797

SHA1
1c8edaea9ea405e9bf224dceb5705e5789c2554a

SHA256
9f108e0b9ab775737ad708d37fb8247f3f470aafbca02436b3fcf25ae435eeaf

SHA512
eb4bde247aea66541d26a7a5a8bac8d604e08b8ec4268ecf2184fbd55f0fe0ca64742fb11392c627abd330860188a51530c6fa296f0ddf8ca05324858a59f061

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Net.NetworkInformation.dll

Filesize
171KB

MD5
112b9bed9ffbbb9fb43a0527e111328c

SHA1
c7ce8d3438577041d5336c570508124a7dd24313

SHA256
3dc1ebb88989f71c92d43a185efc9136b2d131c5a3f76427a3cdf4a943e28445

SHA512
0f567cdb736430d82938d5d112d0535f67be543119809ab4251a7887a42473d608f08b7703f04b5a1358b56889100fcb69a9efd95dda342f23c4f6c69ffe0f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Net.Primitives.dll

Filesize
208KB

MD5
0ab3bf5fa5f9ed519275eaeede06cd7b

SHA1
fcb1401a057a2cc9bc620b2c5f2f1d453e95857f

SHA256
b435acc961ee8d27ce7bc16ae51341ca5593ee6be20aa08682236c892e102075

SHA512
5a322a4847edb69cc5c47d9e68ca96d8118f5c1757fd318af00e9780439d5e26d56761f3abe35f938f17b896bff9c77864f0bab4c2115f2507587ee501f1d68b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Private.CoreLib.dll

Filesize
9.1MB

MD5
c7c2ba03b5839d4257d10976f98bb4f0

SHA1
916cbca1b66aad231624a1cc31b95a370bffd6e0

SHA256
471475c76f55d7e34b4273e7642ad420a4a4b213fdd70cf653786b7d7c4b224d

SHA512
60b0186afb5493a1210c4cc56cd6ed8dc19bb71c5835c7280d2e47d5db5f7d4dd94ed488f173248d13da0c2271a71752272173c95dd05d4c02f5bb6726e5a9cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Runtime.Extensions.dll

Filesize
202KB

MD5
2a0caaaf3f4c9eb5f55d6f8103d7cfcd

SHA1
16e342dacbe392eb9f594ab89d3dfee870ac6ba5

SHA256
708c7415a2f616785aea75eec7eed2e950384349ae0aa3bcf871e06071c8d4ee

SHA512
f5f1f3a41de38ef22a7215ea7d8e97028864cbb5dae96d8a57c333da157656aa380c6d57b034af074637e355362d763ee98e5c096e871cb210769ce57376fea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Runtime.InteropServices.dll

Filesize
52KB

MD5
7539776023daf368a240837d4ca88cbf

SHA1
06449baf27eaa6e01e8267787d84b776dfb05f55

SHA256
cee83fff140dd9fadf399f6cad059f32e71d6f745be7587905f70c8fde54bb7d

SHA512
56be68b48eb0bd51714b6d48cce5f55b350c4a24dce27fb189f240b635c3e6bc63d5b38339b3c1245837e93c714709777bcf8ccac9a63c0c16363f6a018fd14d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Runtime.dll

Filesize
52KB

MD5
58fd4d524860938bb0f20f3701a62362

SHA1
f1828158f6a588e770afc0a6fe13b07c3d41c140

SHA256
fdae1e8bbc8222bf5107c7819472b35bd4d53e221163351113e74ba5e827339e

SHA512
c8e1b102b35dea39a2b72b314bf62f77c007132166e1891f24e2896f94824ffa9a2da62105e146a676438f505f46788564be7db31668a02d0dc9d626ef03526a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\System.Threading.dll

Filesize
75KB

MD5
949b631ca22cddcc13655508bf58e8d1

SHA1
78212eaf47e72bdf1341c9932489b76ea46e0116

SHA256
91bf281b638f9c7d0ead3ae86584aa0455b92313106b7abd893354ea36a2e3ca

SHA512
f692d73305416d69d3204ed53b873f8b70d59b4234c3ce0df7cc40d4d7579ee30265882a0a2df155fa3ae526bda8f6ff11aad00e24d0ab6ed3a0272a1e5267dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\UCSoft.dll

Filesize
204KB

MD5
57dd019e99c4f8f1c676c98c131a1cf1

SHA1
c8692255d9dccc7a2edcc3d1ef5f6d50128f42c9

SHA256
e23789e68255946618261fe087a49533de64cffb8419f339312398f05feba180

SHA512
39187875523696400e4466584312896cfa58e641d14337852f6634401da9d1ea62892cfce40da1be526715f08fcbd4b3a9a91c55fcc7a7583fc91dea66423773

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\clrjit.dll

Filesize
1.2MB

MD5
7e3672cd7f2dfff1083f071d72108b1f

SHA1
22c2f066fcb46518ad9574554d140f61129e67b3

SHA256
dd971b127ab86345242f475e959ecb399623f3c0191eba21cfdae2e9b9d4d4bb

SHA512
2e29ea1e05d10cebf4ed1412a8cc64e7b7715d5b5b061bda4b8d6f18313a8ae3313acc6351ce267f5c164b2b7bd16e92cdb658cd8f4277a3a9dd58d539628371

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\coreclr.dll

Filesize
5.3MB

MD5
00cfea65e2a7e1e7e96478bfbe3deae7

SHA1
07d1dbbe045f9f2fccb5d3d9f288fd14ff44a696

SHA256
d91a86cf7344895550cc6dd47b160720e35b73f5c0dd0431da691f140f7f7407

SHA512
7d152e715780de09d5aeca1fa86fd28d01a683bed8e3b9f78c7c87b7d29a1454d0b0ab307dc387a36084968daeb48842bbd1d80d9b776b859c10d26b9c0514e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\hostfxr.dll

Filesize
586KB

MD5
bede57e6ddf01cf40687bbceecb99066

SHA1
461877d8ed43e19d170b4aeffa40f3111f7f842c

SHA256
611e19526bfb20b9a4d9ece7c3329ae28b4a3b6d4ca1c1bb75b3270a0d647c13

SHA512
fb8c158cb2970c4ae6507efce8df791bdc50fb4371b15113b53e6c9519955fceabfa092dc8fe450b950b078832e63ed9d2961f73f6fe325bafaa7c322af07de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ABCdistive_th2a1\pswba5fo.ieg\hostpolicy.dll

Filesize
577KB

MD5
50f1be3cff78724de44342f0bddc6fb3

SHA1
21d133e712863de912dfa6a910057c73eb87cab5

SHA256
3f1027cc6322049e8b685c0fef0891219bd54b359d6da24df36d39521c965058

SHA512
9360959e4d63fc1fb289d8fb090b9f11453f1f256c313961771891ee49d1ed62677fdd44078a97f7a745a41ececf842cb972a987fa67c40a90c4322efc2f0206

Download Submit
memory/3548-238-0x00007FFF2D920000-0x00007FFF2DE8F000-memory.dmp

Filesize
5.4MB

Download
memory/3548-263-0x00007FFF2D920000-0x00007FFF2DE8F000-memory.dmp

Filesize
5.4MB

Download