Overview

overview

7

Static

static

3

69b185e437...ed.exe

windows7-x64

7

69b185e437...ed.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-10-2023 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69b185e43797cad2b7f2a2729931cadb1945a5b66710c79f986130b5e71a67ed.exe

  • Size

    7.2MB

  • MD5

    0c48d351f565388a1e7de0c7227a70aa

  • SHA1

    81e3db317c4f241af8377b56257247965fe51dab

  • SHA256

    69b185e43797cad2b7f2a2729931cadb1945a5b66710c79f986130b5e71a67ed

  • SHA512

    1bd2febdb4c222e57231c8717f7fcb4c6743970535d58d988b63063ab701211caecf932545845d9411bccb7608194f7dc92faeab86f8a061b609c90256353e86

  • SSDEEP

    98304:Jo9WJNiI+tQ7fQr0WG3hXzgdYezbGr5JIVhUh+du4Y/K9Cu/9VyQ4Nb1EYgc3R7t:/riIoQbNWG1gQ5JcUQmVSk1EYh7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69b185e43797cad2b7f2a2729931cadb1945a5b66710c79f986130b5e71a67ed.exe
    "C:\Users\Admin\AppData\Local\Temp\69b185e43797cad2b7f2a2729931cadb1945a5b66710c79f986130b5e71a67ed.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\dlqmain.dll
    Filesize

    5.6MB

    MD5

    e60c1623b0a813b6c3a9fce4eff7d010

    SHA1

    c4cb2826edf26192b7c9004e655ec5b3ae81bf56

    SHA256

    4a1718c95bcf10d3492e115a3eaf27c51d0b62c5e2bb882dcb8867b0338cc03d

    SHA512

    b912520b04b3d06ff2f7359fd5c9ff6957593a22a0dd9ad3537b46f76bba4bbfdeb7dd94ee80c2c2502b846c1ea85d43fe96c2407754391f1b6717f49e2e2213

    Download Submit

  • C:\Windows\SysWOW64\dlqmain.dll
    Filesize

    5.6MB

    MD5

    e60c1623b0a813b6c3a9fce4eff7d010

    SHA1

    c4cb2826edf26192b7c9004e655ec5b3ae81bf56

    SHA256

    4a1718c95bcf10d3492e115a3eaf27c51d0b62c5e2bb882dcb8867b0338cc03d

    SHA512

    b912520b04b3d06ff2f7359fd5c9ff6957593a22a0dd9ad3537b46f76bba4bbfdeb7dd94ee80c2c2502b846c1ea85d43fe96c2407754391f1b6717f49e2e2213

    Download Submit

  • memory/4252-12-0x0000000002940000-0x0000000002941000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4252-1-0x0000000001110000-0x0000000001111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4252-8-0x00000000035C0000-0x000000000420C000-memory.dmp

    Filesize

    12.3MB

    Download

  • memory/4252-11-0x0000000076590000-0x0000000076591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4252-0-0x0000000077F10000-0x0000000077F11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4252-13-0x0000000002E60000-0x0000000002F19000-memory.dmp

    Filesize

    740KB

    Download

  • memory/4252-14-0x0000000004350000-0x00000000043EB000-memory.dmp

    Filesize

    620KB

    Download

  • memory/4252-15-0x0000000005B50000-0x0000000005DCE000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4252-16-0x0000000002960000-0x0000000002989000-memory.dmp

    Filesize

    164KB

    Download

  • memory/4252-17-0x0000000005DD0000-0x0000000005EAB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/4252-18-0x0000000004450000-0x00000000044E4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4252-19-0x00000000035C0000-0x000000000420C000-memory.dmp

    Filesize

    12.3MB

    Download