Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/12/2023, 23:40

General

  • Target

    1a579c3c244c6d61a663d33552b5057b.exe

  • Size

    1.0MB

  • MD5

    1a579c3c244c6d61a663d33552b5057b

  • SHA1

    8f8cad540acbc396c5fdca0f445af7af0bd4df89

  • SHA256

    657ed0632158da9edb4f46a8086e9ec6167c332dc89e6a106e7891577845f574

  • SHA512

    d68b8e6b5259f1664e83420fe0a6ff5e0bbe8bf15be432e427d25a16717a967c52a17dea289ac3072094c18f9655d47916c37054f4fbcb113af950deff07c3e6

  • SSDEEP

    24576:XCla/6N1I2rXccaMf+VpfPQy2i9XKtG6y4gs:ylk6N1JQ9M63j0/

Score
9/10

Malware Config

Signatures

  • CustAttr .NET packer 1 IoCs

    Detects CustAttr .NET packer in memory.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe
    "C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe
      "C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe"
      2⤵
      PID:588
    • C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe
      "C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe"
      2⤵
      PID:268
    • C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe
      "C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe"
      2⤵
      PID:464
    • C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe
      "C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe"
      2⤵
      PID:548
    • C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe
      "C:\Users\Admin\AppData\Local\Temp\1a579c3c244c6d61a663d33552b5057b.exe"
      2⤵
      PID:2908

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2692-0-0x0000000000300000-0x000000000040C000-memory.dmp (Filesize: 1.0MB)
  • memory/2692-1-0x0000000074A30000-0x000000007511E000-memory.dmp (Filesize: 6.9MB)
  • memory/2692-2-0x0000000000590000-0x00000000005D0000-memory.dmp (Filesize: 256KB)
  • memory/2692-3-0x0000000000410000-0x0000000000422000-memory.dmp (Filesize: 72KB)
  • memory/2692-4-0x0000000074A30000-0x000000007511E000-memory.dmp (Filesize: 6.9MB)
  • memory/2692-5-0x0000000000590000-0x00000000005D0000-memory.dmp (Filesize: 256KB)
  • memory/2692-6-0x0000000004FB0000-0x000000000500A000-memory.dmp (Filesize: 360KB)
  • memory/2692-7-0x00000000051C0000-0x0000000005226000-memory.dmp (Filesize: 408KB)
  • memory/2692-8-0x0000000000570000-0x0000000000594000-memory.dmp (Filesize: 144KB)
  • memory/2692-9-0x0000000074A30000-0x000000007511E000-memory.dmp (Filesize: 6.9MB)
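All ten dumps come from the parent, PID 2692, and several of them cover the same address range more than once (the 6.9MB region at 0x74A30000 three times, the 256KB region at 0x590000 twice). Before pulling any of these into a disassembler it is worth recomputing each region's size from its addresses, checking it against the printed Filesize, and separating repeated regions from the one whose size matches the file on disk. The following is an added example, not sandbox code: the dump list is copied from the report, the name layout `memory/<pid>-<index>-<start>-<end>-memory.dmp` is inferred from those entries, and the size tolerance is an assumption.

```python
"""Cross-check the memory-dump entries listed under Downloads.

Added example for this report, not sandbox code. DUMPS is copied from the
report (dump name plus the Filesize printed next to it). The name layout
<pid>-<index>-<start>-<end> is inferred from those entries; the tolerance
used to match a region against the file size is an assumption.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# (dump name, Filesize as printed in the report)
DUMPS: List[Tuple[str, str]] = [
    ("memory/2692-0-0x0000000000300000-0x000000000040C000-memory.dmp", "1.0MB"),
    ("memory/2692-1-0x0000000074A30000-0x000000007511E000-memory.dmp", "6.9MB"),
    ("memory/2692-2-0x0000000000590000-0x00000000005D0000-memory.dmp", "256KB"),
    ("memory/2692-3-0x0000000000410000-0x0000000000422000-memory.dmp", "72KB"),
    ("memory/2692-4-0x0000000074A30000-0x000000007511E000-memory.dmp", "6.9MB"),
    ("memory/2692-5-0x0000000000590000-0x00000000005D0000-memory.dmp", "256KB"),
    ("memory/2692-6-0x0000000004FB0000-0x000000000500A000-memory.dmp", "360KB"),
    ("memory/2692-7-0x00000000051C0000-0x0000000005226000-memory.dmp", "408KB"),
    ("memory/2692-8-0x0000000000570000-0x0000000000594000-memory.dmp", "144KB"),
    ("memory/2692-9-0x0000000074A30000-0x000000007511E000-memory.dmp", "6.9MB"),
]


def parse_dump_name(name: str) -> Dict[str, int]:
    """Split a dump name into pid, idx, start, end and the region size in bytes."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m.group("start"), 16), int(m.group("end"), 16)
    if end <= start:
        raise ValueError(f"end address not after start in {name}")
    return {"pid": int(m.group("pid")), "idx": int(m.group("idx")),
            "start": start, "end": end, "size": end - start}


def human_size(n: int) -> str:
    """Render bytes the way the report does: whole KB below 1 MiB, else MB with one decimal."""
    return f"{n / 1048576:.1f}MB" if n >= 1048576 else f"{n // 1024}KB"


def check_sizes(dumps: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (name, printed, recomputed) for every entry whose printed Filesize
    disagrees with the size implied by its address range."""
    bad = []
    for name, printed in dumps:
        got = human_size(parse_dump_name(name)["size"])
        if got != printed:
            bad.append((name, printed, got))
    return bad


def group_regions(dumps: List[Tuple[str, str]]) -> Dict[Tuple[int, int], List[int]]:
    """Map (start, end) -> dump indices, so repeated dumps of one region stand out."""
    regions: Dict[Tuple[int, int], List[int]] = defaultdict(list)
    for name, _ in dumps:
        d = parse_dump_name(name)
        regions[(d["start"], d["end"])].append(d["idx"])
    return dict(regions)


def regions_matching_size(dumps: List[Tuple[str, str]], size_bytes: int,
                          tolerance: float = 0.1) -> List[Tuple[int, int]]:
    """Regions whose size is within `tolerance` of `size_bytes`; on a self-injecting
    sample this is usually where the (unpacked or re-mapped) main image sits."""
    return sorted(
        region for region in group_regions(dumps)
        if abs((region[1] - region[0]) - size_bytes) <= tolerance * size_bytes
    )


if __name__ == "__main__":
    print("size mismatches:", check_sizes(DUMPS))
    for (start, end), idxs in sorted(group_regions(DUMPS).items()):
        print(f"0x{start:08X}-0x{end:08X} {human_size(end - start):>6}  dumps {idxs}")
    print("file-sized regions:",
          [f"0x{s:08X}" for s, _ in regions_matching_size(DUMPS, 1048576)])
```

For this report every printed size agrees with its address range, and only the 0x300000 region is file-sized. The 6.9MB region at 0x74A30000 is several times larger than the sample and was captured three times at the same address, which is what a large mapped module looks like rather than the sample's own image; on a .NET sample that is usually a runtime or framework DLL (an assumption, since the report does not label its regions), so it is the last of the ten to spend time on when hunting for a second-stage payload.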