Overview

overview

7

Static

static

3

3b0656bc76...94.exe

windows7-x64

7

3b0656bc76...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2023 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b0656bc769eaf5618c4ee3e099554af810e5dc17026818cd2416c947dbb1194.exe

  • Size

    162.6MB

  • MD5

    07946bb0dab1fb8ef2eaa836885c8f1e

  • SHA1

    c218e673b8ca569afe881852786a97c854404718

  • SHA256

    3b0656bc769eaf5618c4ee3e099554af810e5dc17026818cd2416c947dbb1194

  • SHA512

    4f8ca5f1c38ddbadb5c23fb26767b9eb19da38d0fdf0455ee14df1ae96309affaa43647a6d6efac82ada38be8d9294adc85a60346193475005236ff8e28f5b2a

  • SSDEEP

    1572864:IkYDr3VLmiVf6T9jCykX7LBZY56W8SGc2+:IkYDrFLmEiT9joQU5c2+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b0656bc769eaf5618c4ee3e099554af810e5dc17026818cd2416c947dbb1194.exe
    "C:\Users\Admin\AppData\Local\Temp\3b0656bc769eaf5618c4ee3e099554af810e5dc17026818cd2416c947dbb1194.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\.net\3b0656bc769eaf5618c4ee3e099554af810e5dc17026818cd2416c947dbb1194\GQht0H4FyPxs7fhvcj4O3HiGWF4ddH4=\D3DCompiler_47_cor3.dll
    Filesize

    4.7MB

    MD5

    03a60a6652caf4f49ea5912ce4e1b33c

    SHA1

    a0d949d4af7b1048dc55e39d1d1260a1e0660c4f

    SHA256

    b23e7b820ed5c6ea7dcd77817e2cd79f1cec9561d457172287ee634a8bd658c3

    SHA512

    6711d40d171ea200c92d062226a69f33eb41e9232d74291ef6f0202de73cf4dc54fbdd769104d2bb3e89dc2d81f2f2f3479e4258a5d6a54c545e56b07746b4c4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\3b0656bc769eaf5618c4ee3e099554af810e5dc17026818cd2416c947dbb1194\GQht0H4FyPxs7fhvcj4O3HiGWF4ddH4=\PresentationNative_cor3.dll
    Filesize

    1.2MB

    MD5

    ef01a6c206c65369dd05ca5aff258aa2

    SHA1

    219cc335309f7a6b48b3aa0554f228d59cfd0e7c

    SHA256

    6342b0b0c9a864e4dca5d6d6d60d31ff4d7f02232d63fb45958035b5db77980e

    SHA512

    c35f31bcc766a0c1d35a82197226222cfe7eb198a4df8b18acfb174a8654fd2b77e20fe5dad7be7c423e293bbb37d0d0b6a763b2fcd93c3bacd80077a14642ad

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\3b0656bc769eaf5618c4ee3e099554af810e5dc17026818cd2416c947dbb1194\GQht0H4FyPxs7fhvcj4O3HiGWF4ddH4=\wpfgfx_cor3.dll
    Filesize

    1.9MB

    MD5

    1bd451c0ea27f1c3cbaf428e11c6ffe6

    SHA1

    30ed8e98b08ecf3c583e81d78258a292780bc755

    SHA256

    292f74c265648690eb26e5008f4aa4ffd8774ed33682296970a063535340ebc5

    SHA512

    9b7f7511b7b6eaedcdba7095aa4129b653650c8be5f889055c6649242aa6c3119c26ca54e9329dd3d683955ffa99125585e8d37e915bf4e9924f86c76d50e9af

    Download Submit

  • memory/2928-45-0x0000000002770000-0x0000000002786000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2928-51-0x0000000001FB0000-0x0000000001FC8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2928-18-0x0000000002160000-0x00000000021A4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2928-21-0x00000000021B0000-0x00000000021EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2928-24-0x0000000005A50000-0x0000000006292000-memory.dmp

    Filesize

    8.3MB

    Download

  • memory/2928-27-0x00000000004C0000-0x0000000000540000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2928-30-0x0000000001FA0000-0x0000000001FAD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2928-33-0x0000000001C90000-0x0000000001C95000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2928-36-0x00000000021F0000-0x0000000002203000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2928-39-0x0000000002740000-0x0000000002747000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2928-42-0x0000000002750000-0x0000000002769000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2928-5-0x0000000180000000-0x0000000180A25000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/2928-48-0x0000000002BE0000-0x0000000002C20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2928-15-0x0000000002C20000-0x0000000002D7E000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2928-54-0x0000000002BB0000-0x0000000002BC2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2928-12-0x0000000003B30000-0x0000000003D58000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2928-60-0x0000000004100000-0x00000000041F4000-memory.dmp

    Filesize

    976KB

    Download

  • memory/2928-63-0x0000000002BA0000-0x0000000002BA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2928-66-0x0000000003DB0000-0x0000000003DF7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/2928-69-0x0000000003E00000-0x0000000003E2A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2928-72-0x0000000006AD0000-0x00000000072EC000-memory.dmp

    Filesize

    8.1MB

    Download

  • memory/2928-9-0x0000000004AC0000-0x0000000005A48000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/2928-8-0x000000013FE80000-0x00000001407EB000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/2928-119-0x0000000002110000-0x000000000211A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2928-121-0x0000000002110000-0x000000000211A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2928-130-0x0000000004280000-0x0000000004281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2928-134-0x000000013FE80000-0x00000001407EB000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/2928-135-0x0000000002110000-0x000000000211A000-memory.dmp

    Filesize

    40KB

    Download