cb7bcd3077be1a2e93bb462edcaa7fa32b225f999e251ea5a2eef1d143763a4f

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 15:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0301599b9a895b76b1f5602c00d846cf.exe
Size

50KB
MD5

0301599b9a895b76b1f5602c00d846cf
SHA1

8c4423d2b1e1645b81246bf18767f71981d0ade7
SHA256

cb7bcd3077be1a2e93bb462edcaa7fa32b225f999e251ea5a2eef1d143763a4f
SHA512

10267d2f998d863fec09dcbfe81470ecb1260e21b1598224032b4ffd574480fa13f66d8109f3f0e2fcf192345780a7ac687aa85517a34273a10ffa24c53b2868
SSDEEP

768:V8Mb9sU4+Vya5Wk7Fy3hJ0RYKebw+5a4+BrGZ+Fi6TBL7y38MQvJ9Fm8sdE7:2Ix4w1vFGhJ0qKAw8+MUZTBXysMQUfd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
4620	0301599b9a895b76b1f5602c00d846cf.exe
4620	0301599b9a895b76b1f5602c00d846cf.exe
4620	0301599b9a895b76b1f5602c00d846cf.exe
1432	svchost.exe
1432	svchost.exe
2328	svchost.exe
1432	svchost.exe
2328	svchost.exe
2328	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process
1500	2328	WerFault.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4620	0301599b9a895b76b1f5602c00d846cf.exe
4620	0301599b9a895b76b1f5602c00d846cf.exe
4620	0301599b9a895b76b1f5602c00d846cf.exe
4620	0301599b9a895b76b1f5602c00d846cf.exe
1432	svchost.exe
1432	svchost.exe
1432	svchost.exe
1432	svchost.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
4620	0301599b9a895b76b1f5602c00d846cf.exe
4620	0301599b9a895b76b1f5602c00d846cf.exe
4620	0301599b9a895b76b1f5602c00d846cf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4620	0301599b9a895b76b1f5602c00d846cf.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 1432	4620	0301599b9a895b76b1f5602c00d846cf.exe	29
PID 4620 wrote to memory of 1432	4620	0301599b9a895b76b1f5602c00d846cf.exe	29
PID 4620 wrote to memory of 1432	4620	0301599b9a895b76b1f5602c00d846cf.exe	29
PID 4620 wrote to memory of 2328	4620	0301599b9a895b76b1f5602c00d846cf.exe	28
PID 4620 wrote to memory of 2328	4620	0301599b9a895b76b1f5602c00d846cf.exe	28
PID 4620 wrote to memory of 2328	4620	0301599b9a895b76b1f5602c00d846cf.exe	28
PID 4620 wrote to memory of 1844	4620	0301599b9a895b76b1f5602c00d846cf.exe	27
PID 4620 wrote to memory of 1844	4620	0301599b9a895b76b1f5602c00d846cf.exe	27

C:\Users\Admin\AppData\Local\Temp\0301599b9a895b76b1f5602c00d846cf.exe
"C:\Users\Admin\AppData\Local\Temp\0301599b9a895b76b1f5602c00d846cf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  PID:1844
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:2328
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe -k netsvcs
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2328 -ip 2328
1⤵
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 1268
1⤵
- Program crash
PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4882.tmp

Filesize
108KB

MD5
5234c5a685353ce16fc38ac6dd9546af

SHA1
2bec4fc88350bcdda6982d73434c6b0ccff96918

SHA256
7a33f8f93dd04483997fdf496b63f133d430c23bd41c84796a47c5a7e5b82404

SHA512
518863db3876b34326a22a82ce4dc04fa63fb0e6474606f4d7b9427595ebb8fab281f79300e5024b7a160132295c5bf6f3c481ef0a6ba61152c1ee5516f0e620

Download Submit
C:\Users\Admin\AppData\Local\Temp\48A3.tmp

Filesize
263KB

MD5
d01dc92ab5b62e48d5f74db3eeeb2ddb

SHA1
f03070cb3309d181859637f9749ca341ed80fac3

SHA256
bc2fdbc36adb9698827d843e22ebee2d73a8581d8a5355cd8ab4c626f6d439ea

SHA512
259d4620df2e3e09217c0188fe790f284550c66b8bb00908108b2a826c84807fba3a5159049e5833c10ff04b2aab2ff0b1eee33d3a7661523315128cd1c31f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\48B3.tmp

Filesize
346KB

MD5
a0134ef747ee68733652ca5c9c07ca15

SHA1
a8fc3c14bfee94e7794ecbb2aef6112fc3837048

SHA256
428521e98c1eeec3fa4bd50ae2ebe9256375adbe4e1bf6cd3371e7d4e496ff60

SHA512
1232876138cb82f549c4174b5156554c3c693f3a434a647c0db8c11e10dd54e3e3d19b6ac2dff8161cffe4f165e28826d4ed7c0d876cf4acbfb1e7b5f8ce89cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A67.tmp

Filesize
241KB

MD5
b1f686b5889d0dcf03942d6b01716247

SHA1
152812de40700a7bb81c12a9084855ed7aa5240f

SHA256
f1a4c28d9ec1244c048032083fa37f944b640aff2aa97c1a644ef184b41af8b4

SHA512
8127232ce06c541177e0adfa370e13ca6097e0f87d5a4bba19dc4cca1c469cbf9f4565de874269c3e998981d7fa3335e2a42da051ec3c6f6866f9aa97ce47d1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A68.tmp

Filesize
237KB

MD5
13e8887b4d0a24a2ecdb27c1eb3de3b6

SHA1
9cca1ed037441e2b640022197c8c14f61c3fda8f

SHA256
d1fa8c713edb8d6d2a23a702d7f30169b520bd49c4a54bc996205caacd2d688e

SHA512
f9609b90ac8a7a64389300331f5b400336637ea3e5a89de1d59786100140f94a98d2d7084ddd933d6c543de2fbadcdc3787a46cc3ecba8cb2bd86ec43210b53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A68.tmp

Filesize
271KB

MD5
62319914bbb53f8ac86fcee274f8fc42

SHA1
5b4179914061f2e3fa3dac1c9a188ee0be6fc4bc

SHA256
a0aa48b54ec0a0e6bc87ecc2167030e5d04897bbb50c5c706de319bb906665ff

SHA512
11183bc55d74983156561818ac473c453d201ee0c999303e13ae2db1900a74fd58f3070298b3f851d40a09e6fbe3411495bcc4b28b5931c659d30e9c5ca75fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A77.tmp

Filesize
326KB

MD5
253e78af9965b93630c97238d7962f89

SHA1
c8fe8cd69f37c81aa47fd706f55d972e93196814

SHA256
fca10721b54a5f0033d8e1ba828428ecf50e52b22c1c82502b90fab196b853e6

SHA512
731f8f1f2031301c080527137b0166b8f0751b7753b53d6cbdf28d85cae7ed6e81b8c92d2a6cc98b3a5e5c91541351c444d561be5cac07a8a5fb6db2af32c7c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A77.tmp

Filesize
166KB

MD5
0ffbb362e300d97e27e02ae689f2c06a

SHA1
6ca53d9300a838adc2ad7abd8b3a519b84fb8ed4

SHA256
5ef275f62ed7340d52aa54bdfcc6627bb51c5cffc65cbbc8e09031b7eab0b15b

SHA512
ab6e9f21193a22d2ee938ec5e2fabd9242d27e19d7a3da220271de1226d105d87d09593c345485801f526fe673fa84fc834d598eb44ff2324174690ac1c8ce8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A77.tmp

Filesize
396KB

MD5
052dcf237668fefa4f8edd37e72c4965

SHA1
e8554a43174e7bb14f3a73c6580af04c70bad69a

SHA256
3d002617732152605dd2f534c85093abe46337f82734aeedac7e5eba423e6c9d

SHA512
5bac11bafb905ceb9b70390b3ee91c66dbcc47e3533c3f4dfc9066df5258bdcb1a872bdfd8b770edc539e77d069e976743be5fef873c19510fbc3c1a94afe385

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A78.tmp

Filesize
263KB

MD5
a15663be42f7a56ccf4b29e70fa89637

SHA1
dae3e6ff1c7b889bb62b52126fc844c89cb7998f

SHA256
e9fc7b9a8b2315d527ceacf2b10e2266292e4c46c9acc5c7c030dc30baa6da92

SHA512
15263e9b69aa9e64bbae6603438810f677797ea0c29fc31dad4039d504c0c6551e0e47c2eadbf77beb08d5550dc16597775b60984a3e39a75116c1a8d7d483d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A88.tmp

Filesize
250KB

MD5
c206aa3a6020657466a83dae2dd2743c

SHA1
570d1126809312a6a29d5163a5809ea268d3d069

SHA256
6407185e060059589ceb82127d4fb386423498dd217e0e78457b48247354a54d

SHA512
2c0f50f97b01892cc6421dd5fa1f446a1ed1a130a0c50a9bd1e48029c32358089753eabdf5356d8273ab3595f182be56842b14a7aa7ce721b1c99b897bad747c

Download Submit
C:\Users\Admin\AppData\Local\Temp\4A88.tmp

Filesize
248KB

MD5
3e9f0a698df8c458bb81454602324188

SHA1
56b1f3d93ea9d10eac323df33d4605ab2f8b2f4b

SHA256
12e55af91fab2c39537f5ca61b299bbd4f343369b7acb82a71bfe6941a3a4b24

SHA512
ccf174299fba8067592fa0d49d2d6f8865f34f7f2abf3e2d0801cb54b138cbd6308489679faa93c5cc064897422f7eba18e6375a342aeca92c598201ecd07725

Download Submit
memory/1432-120-0x0000000000C80000-0x0000000000C94000-memory.dmp

Filesize
80KB

Download
memory/1432-113-0x0000000000C80000-0x0000000000C94000-memory.dmp

Filesize
80KB

Download
memory/1432-102-0x0000000000C80000-0x0000000000C94000-memory.dmp

Filesize
80KB

Download
memory/2328-115-0x0000000000FE0000-0x0000000000FF4000-memory.dmp

Filesize
80KB

Download
memory/4620-71-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-60-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-77-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-78-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-111-0x00000000022D1000-0x00000000022D3000-memory.dmp

Filesize
8KB

Download
memory/4620-67-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-56-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-58-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-54-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-41-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-34-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-90-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4620-36-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-35-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-83-0x00000000022D1000-0x00000000022D3000-memory.dmp

Filesize
8KB

Download
memory/4620-81-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4620-80-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-79-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-75-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-74-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-27-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-70-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-69-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-68-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-65-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-64-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-63-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-62-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-61-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-72-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-55-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-53-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-52-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-51-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-50-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-49-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-48-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-47-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-46-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-45-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-44-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-43-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-39-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-37-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-32-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-31-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-30-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-29-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-28-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-26-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-25-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-24-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-23-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-22-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-21-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-15-0x00000000022D0000-0x00000000022D9000-memory.dmp

Filesize
36KB

Download
memory/4620-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4620-1-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4620-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download