b5f5a7acd5dd5b713c65e6680d063c1884b0e971c695ac26536b2ce17a52d54a

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5f5a7acd5dd5b713c65e6680d063c1884b0e971c695ac26536b2ce17a52d54a.exe
Size

4.1MB
MD5

d062258ea368b416706a0ebaa0c7166d
SHA1

9b2ea386b7ee7fd6e87937f4ab014654026452a3
SHA256

b5f5a7acd5dd5b713c65e6680d063c1884b0e971c695ac26536b2ce17a52d54a
SHA512

55a3a40ecdb5ea2e9cdcf64885e2f6ecf0eadf90a40a2e9316fafa599e446d1e2cf639c192ff1e154787a4ec3f4e1eebe5f9013e37b9121915aa9265eb1eae98
SSDEEP

49152:KDnaVVMzMvkMUzM3n5x/FJ+OeAY+r5u8QeKxFOJxdb4vZKV:WaVizMvkMUg3n5x3KdzOJDb4v+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4596	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2300	b5f5a7acd5dd5b713c65e6680d063c1884b0e971c695ac26536b2ce17a52d54a.exe

C:\Users\Admin\AppData\Local\Temp\b5f5a7acd5dd5b713c65e6680d063c1884b0e971c695ac26536b2ce17a52d54a.exe
"C:\Users\Admin\AppData\Local\Temp\b5f5a7acd5dd5b713c65e6680d063c1884b0e971c695ac26536b2ce17a52d54a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3380

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
f61a139f67422189307ad66cb2c96b8d

SHA1
900cbee99e0623c450f246f9629b97cfcb9d7366

SHA256
75db4f0d475b82ee5f956439c8d625c39605d15e63a5657edf2d4b77479963ce

SHA512
779db308b019c00ec9cef2e475cf3411a9f928ad005c307d20476830f3bffcab3354848e78aff0ce159e0c1e6d9428c639bc2d7726dc3cb16e7c3abf845675ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6a93d01022f664b6e8c03146618fced0

SHA1
b20c4b10d28fc5a34c63c4f91baf2dc5806c5d18

SHA256
6a09fa74d6827afa9a1e5c02707b94289d0b1ce9a7cf22162603c4153802a68a

SHA512
faf253cb59b06a6e00ec5a2a44312ff5a1d2a9703156bec07eda1ca405ca78a20dd9383807006731b2c21f0d8afeac82c519c6fdaab35598678628f9e36e2a97

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
6a93d01022f664b6e8c03146618fced0

SHA1
b20c4b10d28fc5a34c63c4f91baf2dc5806c5d18

SHA256
6a09fa74d6827afa9a1e5c02707b94289d0b1ce9a7cf22162603c4153802a68a

SHA512
faf253cb59b06a6e00ec5a2a44312ff5a1d2a9703156bec07eda1ca405ca78a20dd9383807006731b2c21f0d8afeac82c519c6fdaab35598678628f9e36e2a97

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
48071fff4fd0bd8d8c6245b246ad8c6c

SHA1
84a121a908cbc2bb21ed7b7ab6a1c48a1985276b

SHA256
060af588f0a03553650f1b4e2d109ff8d4cecd04220e8bc7a68c554e4c804c7f

SHA512
ff3bab1a544765fb91756e9581f0625897d9f5b2e6e58033d673ce5cd67c40cb61a0cbe21c0f0262d5a814d66d0490781bb588d38e3f05fafabe03f47e296e1b

Download Submit
memory/4596-187-0x000002508F340000-0x000002508F350000-memory.dmp

Filesize
64KB

Download
memory/4596-203-0x000002508F440000-0x000002508F450000-memory.dmp

Filesize
64KB

Download
memory/4596-219-0x0000025097790000-0x0000025097791000-memory.dmp

Filesize
4KB

Download
memory/4596-221-0x00000250977C0000-0x00000250977C1000-memory.dmp

Filesize
4KB

Download
memory/4596-222-0x00000250977C0000-0x00000250977C1000-memory.dmp

Filesize
4KB

Download
memory/4596-223-0x00000250978D0000-0x00000250978D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads