Overview

overview

7

Static

static

3

150cb4617d...fa.exe

windows7-x64

7

150cb4617d...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2023, 11:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    150cb4617dd9b5d97af15265195519724fa97bad47f548fc5b950158ccc54efa.exe

  • Size

    162.6MB

  • MD5

    156c3f770b5953b41e62a5d6814384d6

  • SHA1

    326d11e83bb1572bd00d99ac641b13e99f2eb2b6

  • SHA256

    150cb4617dd9b5d97af15265195519724fa97bad47f548fc5b950158ccc54efa

  • SHA512

    84f4dd49501869ffa3593dc547f8440274e701c541f063410d59313dc707a75d4f23b16d99ab8ec07b321bc86c1c73c2936ff94de609b12273fe0361dff88d69

  • SSDEEP

    1572864:IxYDr3VLmrVf6T9jCykX7LBZY56W8SGc2e:IxYDrFLmhiT9joQU5c2e

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\150cb4617dd9b5d97af15265195519724fa97bad47f548fc5b950158ccc54efa.exe
    "C:\Users\Admin\AppData\Local\Temp\150cb4617dd9b5d97af15265195519724fa97bad47f548fc5b950158ccc54efa.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\150cb4617dd9b5d97af15265195519724fa97bad47f548fc5b950158ccc54efa\2yuR1BF1o1CypwvjmfGkePrpZ4JZI2c=\D3DCompiler_47_cor3.dll
    Filesize

    4.7MB

    MD5

    03a60a6652caf4f49ea5912ce4e1b33c

    SHA1

    a0d949d4af7b1048dc55e39d1d1260a1e0660c4f

    SHA256

    b23e7b820ed5c6ea7dcd77817e2cd79f1cec9561d457172287ee634a8bd658c3

    SHA512

    6711d40d171ea200c92d062226a69f33eb41e9232d74291ef6f0202de73cf4dc54fbdd769104d2bb3e89dc2d81f2f2f3479e4258a5d6a54c545e56b07746b4c4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\150cb4617dd9b5d97af15265195519724fa97bad47f548fc5b950158ccc54efa\2yuR1BF1o1CypwvjmfGkePrpZ4JZI2c=\PresentationNative_cor3.dll
    Filesize

    1.2MB

    MD5

    ef01a6c206c65369dd05ca5aff258aa2

    SHA1

    219cc335309f7a6b48b3aa0554f228d59cfd0e7c

    SHA256

    6342b0b0c9a864e4dca5d6d6d60d31ff4d7f02232d63fb45958035b5db77980e

    SHA512

    c35f31bcc766a0c1d35a82197226222cfe7eb198a4df8b18acfb174a8654fd2b77e20fe5dad7be7c423e293bbb37d0d0b6a763b2fcd93c3bacd80077a14642ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\150cb4617dd9b5d97af15265195519724fa97bad47f548fc5b950158ccc54efa\2yuR1BF1o1CypwvjmfGkePrpZ4JZI2c=\wpfgfx_cor3.dll
    Filesize

    1.9MB

    MD5

    1bd451c0ea27f1c3cbaf428e11c6ffe6

    SHA1

    30ed8e98b08ecf3c583e81d78258a292780bc755

    SHA256

    292f74c265648690eb26e5008f4aa4ffd8774ed33682296970a063535340ebc5

    SHA512

    9b7f7511b7b6eaedcdba7095aa4129b653650c8be5f889055c6649242aa6c3119c26ca54e9329dd3d683955ffa99125585e8d37e915bf4e9924f86c76d50e9af

    Download Submit

  • memory/4772-21-0x0000019278C70000-0x0000019278CAE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4772-45-0x0000019278CF0000-0x0000019278D06000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4772-18-0x0000019278C20000-0x0000019278C64000-memory.dmp

    Filesize

    272KB

    Download

  • memory/4772-5-0x0000000180000000-0x0000000180A25000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/4772-24-0x000001927AB40000-0x000001927B382000-memory.dmp

    Filesize

    8.3MB

    Download

  • memory/4772-27-0x0000019278D40000-0x0000019278DC0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/4772-30-0x0000019257730000-0x000001925773D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4772-33-0x0000019257880000-0x0000019257885000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4772-36-0x0000019278CB0000-0x0000019278CC3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4772-39-0x00000192578B0000-0x00000192578B7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/4772-42-0x0000019278CD0000-0x0000019278CE9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/4772-15-0x0000019279090000-0x00000192791EE000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4772-48-0x0000019278E10000-0x0000019278E50000-memory.dmp

    Filesize

    256KB

    Download

  • memory/4772-51-0x0000019257890000-0x00000192578A8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4772-54-0x0000019278DC0000-0x0000019278DD2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4772-12-0x0000019278E60000-0x0000019279088000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4772-60-0x00000192792F0000-0x00000192793E4000-memory.dmp

    Filesize

    976KB

    Download

  • memory/4772-63-0x0000019278DE0000-0x0000019278DE8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4772-66-0x0000019279240000-0x0000019279287000-memory.dmp

    Filesize

    284KB

    Download

  • memory/4772-69-0x0000019279290000-0x00000192792BA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4772-72-0x000001927D5D0000-0x000001927DDEC000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/4772-9-0x00007FF6D94E0000-0x00007FF6D9E4B000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/4772-8-0x0000019279BB0000-0x000001927AB38000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/4772-134-0x00007FF6D94E0000-0x00007FF6D9E4B000-memory.dmp

    Filesize

    9.4MB

    Download