3503068db91a7db8cd0daf56dcf6973abef2b321b8cd2ac3073076e6985662d0

Analysis

max time kernel
148s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 11:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Cor Client 1.5.exe
Size

473KB
MD5

e90d7c73cd6db02085b3b468c92eb670
SHA1

624b6c71a6749b909c33c3d009b224fb2e754831
SHA256

3503068db91a7db8cd0daf56dcf6973abef2b321b8cd2ac3073076e6985662d0
SHA512

58a11c1df504e989f029fd788ed6cfa49eda6d728db09cb131e1363e4de7afbbe5977e429e8b8d6c33243ee72b5f7e718ba5b86205aa8861184db62ff7e9b065
SSDEEP

12288:CBlbUPma8IJSQpQU4WbMpHwCvQA8nC4NP:sob5J7p4W/Cvr8nC4NP

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1360	Cor Client 1.5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3004	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1360	Cor Client 1.5.exe
1360	Cor Client 1.5.exe

C:\Users\Admin\AppData\Local\Temp\Cor Client 1.5.exe
"C:\Users\Admin\AppData\Local\Temp\Cor Client 1.5.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:952

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3004-0-0x0000022BB4D70000-0x0000022BB4D80000-memory.dmp

Filesize
64KB

Download
memory/3004-16-0x0000022BB4E70000-0x0000022BB4E80000-memory.dmp

Filesize
64KB

Download
memory/3004-32-0x0000022BBD460000-0x0000022BBD461000-memory.dmp

Filesize
4KB

Download
memory/3004-33-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-34-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-35-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-36-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-37-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-38-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-39-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-40-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-41-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-42-0x0000022BBD490000-0x0000022BBD491000-memory.dmp

Filesize
4KB

Download
memory/3004-43-0x0000022BBD0B0000-0x0000022BBD0B1000-memory.dmp

Filesize
4KB

Download
memory/3004-44-0x0000022BBD0A0000-0x0000022BBD0A1000-memory.dmp

Filesize
4KB

Download
memory/3004-46-0x0000022BBD0B0000-0x0000022BBD0B1000-memory.dmp

Filesize
4KB

Download
memory/3004-49-0x0000022BBD0A0000-0x0000022BBD0A1000-memory.dmp

Filesize
4KB

Download
memory/3004-52-0x0000022BBCFE0000-0x0000022BBCFE1000-memory.dmp

Filesize
4KB

Download
memory/3004-64-0x0000022BBD1E0000-0x0000022BBD1E1000-memory.dmp

Filesize
4KB

Download
memory/3004-66-0x0000022BBD1F0000-0x0000022BBD1F1000-memory.dmp

Filesize
4KB

Download
memory/3004-67-0x0000022BBD1F0000-0x0000022BBD1F1000-memory.dmp

Filesize
4KB

Download
memory/3004-68-0x0000022BBD300000-0x0000022BBD301000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads