Analysis
- max time kernel: 141s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-11-2023 17:39

Static task: static1

Behavioral task: behavioral1
- Sample: dc3359e0e96fbd5245b08760dfb2196ac3e26d88fae48230f46b5c26706fa0b1.exe
- Resource: win7-20231023-en

Behavioral task: behavioral2
- Sample: dc3359e0e96fbd5245b08760dfb2196ac3e26d88fae48230f46b5c26706fa0b1.exe
- Resource: win10v2004-20231020-en
General
- Target: dc3359e0e96fbd5245b08760dfb2196ac3e26d88fae48230f46b5c26706fa0b1.exe
- Size: 1.5MB
- MD5: c1794e1c4930ab4f3e4a7f9af22bd15d
- SHA1: 54699f63132e403a80068895746a7c26fb0ea916
- SHA256: dc3359e0e96fbd5245b08760dfb2196ac3e26d88fae48230f46b5c26706fa0b1
- SHA512: a6dffdec910c92b95cc4b95fb94ea20470904ac367d9e9ab0f578b311d927a041c93f831762ac760372ecf7103752712194b603daf05b701e474546a849300d6
- SSDEEP: 24576:IfYgP/bBVxRJz7LzMtnC7vpqGoICkF+PnRdvflhrUN70Vv07bfV76F3dZDa3Cb2F:45rzMtC3cF3dtaSCrLHP
Malware Config

Signatures
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  pid 4372, process dc3359e0e96fbd5245b08760dfb2196ac3e26d88fae48230f46b5c26706fa0b1.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description Token: SeManageVolumePrivilege, pid 3652, process svchost.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\dc3359e0e96fbd5245b08760dfb2196ac3e26d88fae48230f46b5c26706fa0b1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\dc3359e0e96fbd5245b08760dfb2196ac3e26d88fae48230f46b5c26706fa0b1.exe"
  PID: 4372
  Signature: Suspicious use of NtSetInformationThreadHideFromDebugger
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 1492
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  PID: 3652
  Signature: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 16KB
  MD5: 1cc03d65adef54627c3a813bfbc1174f
  SHA1: b08a4f38a49496cbca95434a2775bcae7e9ff902
  SHA256: 9b2f57fb8fb9f3242d982e1f701ac49d5999bc6a596452e1d44e1557a24b5635
  SHA512: fc51ee8f21524157d8a5e6ec90a5b36400d922eea8ddadd2f8b54b3cd4b30b81b456d3ddb457caa0f155bc6d32adecd5e2de8e69fd78989f5da3cecaa40ec783