Overview

overview

7

Static

static

3

edd99c1732...52.exe

windows7-x64

7

edd99c1732...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    20/12/2023, 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe

  • Size

    172.4MB

  • MD5

    f399dbd5a45a9104834df5b169466185

  • SHA1

    02ee3e5d62f525d3ff7eccf55b9fe82157fee74c

  • SHA256

    edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52

  • SHA512

    218185a3f10cc236490f55514043238702b0f026b0c75af469f3b94e5f01f43322b6b78abca712bda89fb373fbcc71d2aa7cc9aeaaa8a572ccce9e0837cbd779

  • SSDEEP

    1572864:mR7mcP7wZ6drTmRZYdWJq0k8tpYEXuhbp1I:mR7mchTmEdWJg38iw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe
    "C:\Users\Admin\AppData\Local\Temp\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\.net\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52\vLDZDPNlyQMUGXKaD1BZsXzJcevyk0U=\D3DCompiler_47_cor3.dll
    Filesize

    1.4MB

    MD5

    cfe1332e8e83455af3a9338af405f663

    SHA1

    86e7a09252fe38e4e2896efd30139ea0189ebd89

    SHA256

    484b6dd95b6394d5b6499e7799df1861dce5f79238ef23c06f1619c66532a209

    SHA512

    b31c82fc1346b24cb2b2853ecce99f42d7a2bd1800da311435063b52b142e931edb6feb839b36197f17a735fedbd39656cd9107bb0cbe30659727d4c6dd030a4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52\vLDZDPNlyQMUGXKaD1BZsXzJcevyk0U=\PresentationNative_cor3.dll
    Filesize

    1.2MB

    MD5

    8ec1be06c7e18ed1a28d79aa5999434f

    SHA1

    d679bc3271655937a640cdf189ad9dcde229d34c

    SHA256

    f8f7b44f05a9ec52f7b4eec1ab31983bec5f9a32b3ea6a06d50c450c29a4f99f

    SHA512

    2ee7dde3116d25c6110cf3180204d9d59c63b1937ce1cd2f7bb7e8b7b4666c28919a1f7f8fbe084f1da60e5215db95b54e109015bf0c5fd1779c00b56b62a5f0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\edd99c173299a825bc95a7bb297d71188236049ad03a671356e0454e4669ff52\vLDZDPNlyQMUGXKaD1BZsXzJcevyk0U=\wpfgfx_cor3.dll
    Filesize

    1.5MB

    MD5

    6d3a534d625a6f13cdc46fba410dc52f

    SHA1

    8f478a2c98357014e4cd8424bdfbeb800b3e35a0

    SHA256

    558931867c8a6bc95673941b61b9f84800575d369feed1003b77a1cf5da576df

    SHA512

    3c0c856cd249ccafc3e208cdb79e6a586a443c39729faa3f229e9114630480085ff841e4b68c74a68ee72ce96ef4bd051359110e742a7a7f49666995ddb303d8

    Download Submit

  • memory/2928-43-0x0000000001EA0000-0x0000000001EC0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2928-51-0x00000000048F0000-0x0000000004C40000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2928-23-0x00000000021E0000-0x00000000022F0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2928-31-0x0000000001D10000-0x0000000001DA0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/2928-27-0x00000000002E0000-0x00000000002F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2928-39-0x0000000001DE0000-0x0000000001DF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2928-35-0x0000000001DA0000-0x0000000001DC0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2928-5-0x0000000002E20000-0x0000000003240000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/2928-47-0x0000000002310000-0x0000000002330000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2928-19-0x0000000003D00000-0x00000000042C0000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/2928-55-0x0000000002810000-0x0000000002860000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2928-63-0x0000000002860000-0x0000000002870000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2928-67-0x0000000002870000-0x0000000002880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2928-59-0x0000000002390000-0x00000000023A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2928-17-0x000000013FA10000-0x000000014034B000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/2928-14-0x00000000003F0000-0x0000000000420000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2928-9-0x000000000CA80000-0x0000000011EA0000-memory.dmp

    Filesize

    84.1MB

    Download

  • memory/2928-179-0x0000000005B90000-0x0000000005B9A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2928-182-0x0000000005B90000-0x0000000005B9A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2928-241-0x000000013FA10000-0x000000014034B000-memory.dmp

    Filesize

    9.2MB

    Download