2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
24/10/2023, 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
Size

12.0MB
MD5

46cada3f6a44380fb25ece75da0d0928
SHA1

5c9ba523e8bec5c2ac9078df63d7f81babe223cf
SHA256

2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d
SHA512

ab072be91e4aa189497c1448cba136273afa0d76e4024ab57ab859b0d47935127883064f00dc34218c351ed84238c833601c625ea3065fec1f3b4de21005f560
SSDEEP

196608:0fU3R4DCLMaMLJK6MhpW0KbQ2yqcJVSlMpV3O:0fU3R4DmMLojp3K5miip1O

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\desktop.ini	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

pid	Process
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSystemtimePrivilege	2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
2076	2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe

C:\Users\Admin\AppData\Local\Temp\2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe
"C:\Users\Admin\AppData\Local\Temp\2ddde756e40d81603ad9efa5c66c11f204f310d5be99a7f7fc9d918b742ffa9d.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2076-0-0x0000000000400000-0x0000000001000000-memory.dmp

Filesize
12.0MB

Download
memory/2076-1-0x0000000077450000-0x0000000077497000-memory.dmp

Filesize
284KB

Download
memory/2076-811-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-812-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-814-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-816-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-818-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-822-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-820-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-824-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-826-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-830-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-828-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-838-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-836-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-834-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-832-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-842-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-840-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-848-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-846-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-844-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-850-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-852-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-854-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-856-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-858-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-860-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-862-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-866-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-864-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-868-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-872-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-870-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-2547-0x0000000002C70000-0x0000000002DF1000-memory.dmp

Filesize
1.5MB

Download
memory/2076-8686-0x0000000002E00000-0x0000000002F11000-memory.dmp

Filesize
1.1MB

Download
memory/2076-8687-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2076-8690-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2076-8689-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2076-8692-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2076-8700-0x0000000004BC0000-0x0000000004BC1000-memory.dmp

Filesize
4KB

Download
memory/2076-8706-0x0000000000400000-0x0000000001000000-memory.dmp

Filesize
12.0MB

Download