Overview

overview

7

Static

static

7

fbbbbaa5ca...99.exe

windows7-x64

1

fbbbbaa5ca...99.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 11:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fbbbbaa5ca3938d66df1f065340b051421a7135472e122e1509518c194ae8399.exe

  • Size

    838KB

  • MD5

    0c6e56008c59a8cd740172cfba9b77d0

  • SHA1

    b92f5d6372f6523516e0a22135392be8867be82f

  • SHA256

    fbbbbaa5ca3938d66df1f065340b051421a7135472e122e1509518c194ae8399

  • SHA512

    c3d72c8b2ba9a866247abab1f53719956a112348128f7839040fa14eaf7fd2b2ee7a90edd9908a064c1d9409453140cedf812ac408578d50bf77ea6650e1d965

  • SSDEEP

    24576:K7R/wU5+e+Cnaar9YIzfuiD7SwfMK3wUb:k/wQ+ema+Ia8WwfMXUb

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbbbbaa5ca3938d66df1f065340b051421a7135472e122e1509518c194ae8399.exe
    "C:\Users\Admin\AppData\Local\Temp\fbbbbaa5ca3938d66df1f065340b051421a7135472e122e1509518c194ae8399.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:432
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3704
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1772

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\3UPic\Conf.ini
            Filesize

            32B

            MD5

            a90a0f43e83b21213610c5a3afe21aef

            SHA1

            9b9728f29ff20e2e70c72177e1f684be21b0caa7

            SHA256

            fba15e85fe9fc7f5346a9756f8f8b89ed4648cea01482d1d27448a4acbbbfbd9

            SHA512

            9463d437d019e3afba854f5bff85aac9ab37b1a5c10fd0411676504a1f32db1fefc6a5d36081de5eaaa891417682b7d8b3cdd643f1fff4329aae95c35c42ba0a

            Download Submit

          • memory/432-20-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-61-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-3-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-2-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-13-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-14-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-15-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-16-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-17-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-18-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-19-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-0-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-1-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-64-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-21-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-63-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-62-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-57-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/432-22-0x0000000000400000-0x000000000073B000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/1772-59-0x000001E7AD580000-0x000001E7AD581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1772-60-0x000001E7AD690000-0x000001E7AD691000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1772-58-0x000001E7AD580000-0x000001E7AD581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1772-55-0x000001E7AD550000-0x000001E7AD551000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1772-39-0x000001E7A5240000-0x000001E7A5250000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1772-23-0x000001E7A5140000-0x000001E7A5150000-memory.dmp

            Filesize

            64KB

            Download