Analysis
-
max time kernel
120s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231025-en -
resource tags
-
submitted
17-11-2023 18:57
General
-
Target
WareHub_Cw4ck_By_discord.gg_Recte/Execute Me In Lobby.exe
-
Size
90KB
-
MD5
c5cbe94c0a909f2521b5365989ae3a1a
-
SHA1
598e081ad680bc6510719d3cc0e291a84d4402e6
-
SHA256
f68369688730d28b9033c372be78fa07d909633a3ef0587d7badc8eb3e750f1d
-
SHA512
bba0dc5c318bdc219ac35f9ac9f1a1d40506778b52436afaeb872c46e0e39c28294c661e897d30be7a737242c58329bd3f9715670b480baaf4bc717b2ff33fbf
-
SSDEEP
1536:H7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfEwcO+:b7DhdC6kzWypvaQ0FxyNTBfEP
Score
1/10
Malware Config
Signatures
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\WareHub_Cw4ck_By_discord.gg_Recte\Execute Me In Lobby.exe"C:\Users\Admin\AppData\Local\Temp\WareHub_Cw4ck_By_discord.gg_Recte\Execute Me In Lobby.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5A21.tmp\5A22.tmp\5A23.bat "C:\Users\Admin\AppData\Local\Temp\WareHub_Cw4ck_By_discord.gg_Recte\Execute Me In Lobby.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exeNET FILE3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 FILE4⤵
-
-
-
C:\Windows\system32\net.exeNET FILE3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 FILE4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\WareHub_Cw4ck_By_discord.gg_Recte\IGNORE-THIS-FOLDER\a.exe.\IGNORE-THIS-FOLDER\a.exe inject -p 1v1_LOL -a .\IGNORE-THIS-FOLDER\a.png -n LOLXUESOS -c IKSAD -m sdfmn3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2792 -s 6564⤵
-
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD535c6da25f9807fc18452f8127f2dd228
SHA163f1b757fb8344b64964339ceb0bfaf4bfcbd519
SHA256f8afd8b32a57f63338c69685c8d97af4c3215c067bad715197a693f30617c853
SHA51232528629c3222afe24a347c3d3d7b2cc4659c7bf2a772a6e61ec35c72452cca8f252db5c97e939acfb6291d4796822016329a6c2b93493f0733cf575ff44fed4
-
Filesize
40KB
-
Filesize
48KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB