6b9c2dddec31e141cdf841f0ba4aa0ad556f3e0873a1cc191ec3a31b9279ea30

Analysis

max time kernel
1s
max time network
10s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02b0d9a0545a27a7f5f8ed019c0e77e1.exe
Size

197KB
MD5

02b0d9a0545a27a7f5f8ed019c0e77e1
SHA1

87a3f48fcbbdcf90c86be82e595ee93b8086c0d0
SHA256

6b9c2dddec31e141cdf841f0ba4aa0ad556f3e0873a1cc191ec3a31b9279ea30
SHA512

48c2e6d6203a0388dfcf7daf16a0678e380f54a3b2aa85afb8b28564e244ed691674b58623fd61ae57da56581aa7144ade04c80a48a8b1f908e448db3184516e
SSDEEP

3072:Z0rbT6/ETQlKp8rOr6u0T9Rd04vEo4/F8sRj37F+vlSJSSb0hqEnHVy:SNTQWAOFK9Rd0FowjrOYSu0YEn1y

Score

1^/10

Malware Config

Signatures

C:\Users\Admin\AppData\Local\Temp\02b0d9a0545a27a7f5f8ed019c0e77e1.exe
"C:\Users\Admin\AppData\Local\Temp\02b0d9a0545a27a7f5f8ed019c0e77e1.exe"
1⤵
PID:3924

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:2636

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:2100

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:3040
- C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
  C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
  2⤵
  PID:2056
- - C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
    C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
    3⤵
    PID:440
  - - C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
      C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
      4⤵
      PID:3400
    - - C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        5⤵
        
        PID:2868
      - C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        6⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        7⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        8⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        9⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        10⤵
        
        PID:548
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        11⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        12⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        13⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        14⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        15⤵
        
        PID:720
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        16⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        17⤵
        
        PID:388
        
        C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
        
        C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
        18⤵
        
        PID:3064

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:3260

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:3456

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:2532

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:964

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:1688

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe
C:\Windows\system32\GroupPolicy\User\Scripts\Logon\winlogo.exe
1⤵
PID:3320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\autorun.bat

Filesize
13B

MD5
71913a000dbc8bbcfec89a131aa88ba6

SHA1
73140505ad37fe9f0faa324dae38499aedaddc64

SHA256
c463092c3d8d1c5867ae6ab31be744e6c696aebf8b8cd333a09863cfc43c66f9

SHA512
b62c25d774d328fa769298bdfdc83e456929a800514414ddd024e079e3f9279a956104f90ba6f4b404a24ed675a7d4dec6fd6afdea2bef96d7f71f085bb0985b

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
197KB

MD5
02b0d9a0545a27a7f5f8ed019c0e77e1

SHA1
87a3f48fcbbdcf90c86be82e595ee93b8086c0d0

SHA256
6b9c2dddec31e141cdf841f0ba4aa0ad556f3e0873a1cc191ec3a31b9279ea30

SHA512
48c2e6d6203a0388dfcf7daf16a0678e380f54a3b2aa85afb8b28564e244ed691674b58623fd61ae57da56581aa7144ade04c80a48a8b1f908e448db3184516e

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
148KB

MD5
e7ca08ed4ecb912596a7b554cca35c26

SHA1
877445e5b1b7eacbb379993c543a95b94f40d64e

SHA256
440790ce2157a49c2682f13b4b3fc6445a86f2e887a4fb25ac25ea62856f193e

SHA512
c63e343e7bca7896d9e38813e24597aa23c3b6cceef1c01bdd61ab7f21eb22d35e36d58ac9ff8562d9c0e87f568dc7e3a32bfa98cf19f33181ab45974464b6a8

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
172KB

MD5
f6005d6901ea5b79a176b5e0506c9f51

SHA1
4e75628d5ba35e4a4cd313de0ff608f387b9fd5d

SHA256
88d6af3977cd60e8f46f5a99200c19423fe3bcacb48ba3d8a40a753db70b9edc

SHA512
4933cb573dd36e97c55400545cc949080874e4294d0157711e297afede30fcdf50de749d7a954f2d5303b54a7ace1c2b613e815b4742abce109b94de5df3d02a

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
62KB

MD5
16dad9544caeea94dabfcbe59d42bdad

SHA1
bd9ee32c018e96a54f75c821e291d99adf11bf86

SHA256
9327b448977017cc7b10232959ed69ed67f49c044adaaa75e3744e88511346be

SHA512
e7e7e07747f2da9a9dde2bc4491e81a04af6f0d592e9ba369b6f337285562e1ab3998de765a31aa7a31d4ec27f8e6cda684cdb1c663ed84333be5cc95462e8f2

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
62KB

MD5
8a586db935b284aa62776a432de80d1d

SHA1
f5c2c8cac81438e2349b6d7e8d4f299da9f7eaba

SHA256
742869c72cd1b349ff26263bfe98e93ab77001f453d8197de06b06e598a22272

SHA512
8893b014affe9bd2a70532115aa5024bcc1457126c42acf089efe5f22186edb225c94eef7b7217b9e81a8670410f08e7d91cda24f047922f95534f08421b02cf

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
89KB

MD5
a3440dc582ebe2793614efd9f46ffb91

SHA1
c62116ebdc204319c80b6c54770f7acc83cbbd22

SHA256
969af7ea36e500869e6a9df4eeb5e483c59dd58ae76bad883e591228eead4ef9

SHA512
0247852a102aa0413df769334e0a274d45dba8ae27b74bd3043c72e6f67ac49545bf90b4391ebeb8290557cccfdcf2862dc9821afc9999d4a9e048ec3c157b88

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
64KB

MD5
11db29b2ea7a2a68305b5005056fe818

SHA1
be217974b613877135b026a5e8f99d99a73ab0f0

SHA256
50842d0c09d6d347163e2d460fa4886c8f438e1922732a491c6e9ce1aa43c1fc

SHA512
8140cf62f2211440d487c9bcbdaed763ba2467926832aa0837659874b6dcb812385d1359cf5c05619df9e187e9503187e4159731cd7037cf862d4937b21e4bf1

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
23KB

MD5
5815dd1c7d78854a2647ee6339497ff6

SHA1
e71e9c72305f736c847e16c0df5e5839b6181eaa

SHA256
22c90c7e482ae4ed89c70cb47a85594d3734c9969f9b5df65d768f349b05f291

SHA512
b6378cca5bc67d32f84db677d3bd462e8a515abff071198ab9e99f72f0bb22343bfd64197ab36966fdb0b37637460d48f6ba85ea0a81d1bd5a1d7bee3146795e

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
31KB

MD5
28dfeea0c5d94fc755c54a999a55be0d

SHA1
e6fb8bcd306efa6c6dd65a0d9cc894a0c7b58141

SHA256
56437816da462c71954378182eb49bfeaf10a0833b8687e57df2192ab9dfddbf

SHA512
2f37852383094e6b9ae328b900fdb2cba09975dd813107d6dc496a85e68d14625044630c4b146d92fd72c14c2a5e03d7e1c0c7fb5e422f114942eb8a4202809f

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
57KB

MD5
648502ba81b59a4e5dec66f064cf401c

SHA1
44a1f21e51f3fa79e0adb68f72738ed793ae33e7

SHA256
f4d8f237dd54c4c4c5bff0f0fa82dd6f4e831eaca5c1a709fddc7b20b4e5bae6

SHA512
4cdacd4041b80c40f8f8564c393e2454640b7a17689b08edab5b4243980048c53d75877a0986fb9e6d6af8694cc19bd147169730711ac546c071a189fde053e5

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
61KB

MD5
7683c6b0c6750e05e56b7b92ec59f918

SHA1
0eae3f8510bb1335a6b0c9dd0ec230e658f936d9

SHA256
31b8bbb47e501e2ee77f2739b9ed643f13a6f82588f80c42e6ce16c572d3ea2d

SHA512
93b1fde737a3c24731c3007a89bd8fd93b82c3c5656aa21cd5dbfbf63fbacac0b8975f20dc3dd1615af1ef9876d8c8b291af357488370ed1e109bee691ddf11c

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
67KB

MD5
019c115ffd920c5fd27fb21f4f381289

SHA1
9c7eca0292fe0b543378fb605afd344614b7d3af

SHA256
b8d49ba1d7be5eb96610acefb96ff68f7557d6f46b52f39d35c6bc40b7fd4387

SHA512
e4c5da9408c0f698980f3921e5298f063d4ee2a3403dd515c69e0c1327a06e34d4c34f7d6540f701df94ea91d766b48630d65a4c3194977f1a18c70e811fb1d2

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
72KB

MD5
7f9a3ae363a544fb9c1c878e4ee0d189

SHA1
128f6d40c83226eb47e3a9a87bbe432a9e8d83ed

SHA256
98abf32ac8aaaf5a4c1095463718ceaf48c8f2abfe47a469d19574539b05b845

SHA512
6f6f29a48f915f7a1bdb29d1a01a10245a3564ad976056c7975212f582a0d31e48d0b53c329c8b2743760329cc3b80a633877ba89fa5f5fc5cabafb00d8adebe

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\Logon\winlogo.exe

Filesize
6KB

MD5
84b886c1f437c95097e360844c5fa391

SHA1
d3a747928e691bb116d570747706fdfa50029c59

SHA256
f501ac98b97f994da83100b0e932f49123c749753d1aba92d9a01e4f97598267

SHA512
1e220e9b2f651cbd40b33301795f2744ad60dddeeca10a9e6f6a2a6e8730b9638f1f26701a52261e28fb1a8743e87e275ad063720159ce9ac1e030d741512dca

Download Submit
C:\Windows\SysWOW64\GroupPolicy\User\Scripts\scripts.ini

Filesize
49B

MD5
24dadffd3eb142e1b510808fa1f41a16

SHA1
3f07d82c09b37de7c962b07abd30821674590658

SHA256
e00c8a2cbb301f52e8cff491e04657a6218bd569d2c9ff80a06b19d748e3d8dc

SHA512
de98151900c07e44e25168215f751781a2f00f6dc261e0c7774eb22418da1dd48d9cdb3c6f87657a0f8fb45350f3c23a54019fd1b1d2f0c7b3fb9a4e77bc07fe

Download Submit
C:\Windows\SysWOW64\GroupPolicy\gpt.ini

Filesize
263B

MD5
aa213b03fdf5a0d6d97bac1b4c8f20e4

SHA1
f5e1e150c2691d339a339a88f222df9c13a2dc8b

SHA256
cb4da959a75b71fcf859cbf2a4a16892e7bd84537cfdcdd208a544cf8e994fa4

SHA512
cfb69d5086aa7846edacb1fc12fa8ff3e562c131682bf12bd48af98eba8d09c69a93a4f1590e1e08724213b3f3862894838002757fa5a6536462149f9a831b22

Download Submit
memory/440-184-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/936-147-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/936-102-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/936-103-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/964-132-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/964-171-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/964-169-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/964-131-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/964-167-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/964-133-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/1688-129-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/1688-161-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1688-121-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1740-101-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1740-68-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/1784-58-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/1784-89-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2056-179-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/2056-178-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2100-141-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2100-99-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2532-142-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2532-175-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2636-30-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2636-31-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2636-70-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3040-170-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3040-176-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/3260-183-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3260-168-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/3260-160-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3320-112-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3320-154-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3320-119-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/3400-192-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/3400-188-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3456-151-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/3456-177-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3600-20-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3600-67-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/3600-25-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/3600-21-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3924-2-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/3924-0-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/4136-18-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/4136-50-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/4468-74-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/4468-71-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/4468-111-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/4756-47-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/4756-48-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/4944-128-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/4944-90-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads