Overview

overview

7

Static

static

3

091e2e2e23...61.exe

windows7-x64

7

091e2e2e23...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    091e2e2e239281991d33e5094029ca61.exe

  • Size

    319KB

  • MD5

    091e2e2e239281991d33e5094029ca61

  • SHA1

    b7404706b291382d67f568df667ce0b7feeca17c

  • SHA256

    9d72b12fb708e82a967394e594acc433f84950a1bb5a544999b6a04a5570c945

  • SHA512

    fe4fe11c6efcc61c680b11b45dae59eecfb858098b4b0555f9681811b00437c37688d99f0f6bc7ced34cf28fbf715ebe15f15f688bb6852e9f91bc7278430879

  • SSDEEP

    6144:T46E7LabA3oWuWJxEMZzry91JK3yNTLyBZA2VECnZnpE8D6SxNb/rl:T4D7Lab6nbJ9a3JYyNCBZZZpEHwt/J

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\091e2e2e239281991d33e5094029ca61.exe
    "C:\Users\Admin\AppData\Local\Temp\091e2e2e239281991d33e5094029ca61.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\DELME.BAT
      2⤵
        PID:1104
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      1⤵
        PID:4000
      • C:\Windows\ttsn.exe
        C:\Windows\ttsn.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1504

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\DELME.BAT
        Filesize

        190B

        MD5

        52cac4903d58c33c947ba6489637ccad

        SHA1

        7ddc6ec742dba57387549a8e92ebdd64969a0501

        SHA256

        3b550d7a4de58f66e2497530eb8e54dbf027fefc4f7186bc14459a1331cdaadd

        SHA512

        7c3a41d3d5c9092fe646eb9408ba2ee6d41898632bb99423364a2c684255e07d1661edc9d7196f93f0823c38d18e28512c469d170def9fb05a4d4020b4223aea

        Download Submit

      • C:\Windows\ttsn.exe
        Filesize

        51KB

        MD5

        cd7d18b2bfe0be72e1ed56b6a12274f1

        SHA1

        f74cb11af5acc722b7205717fec9336010ba9e64

        SHA256

        975f99c7b93d35dc11ff3dbff4644bab4b88dc80636a884413fd5b67a16ca25d

        SHA512

        284b601f6a7176f28a6b6d634babf14fc6450ee35e6d2187951db1128b17d526b5b5c5019e51116235b6d05064b39c1072e9fb899a54a5aa8bfc74849007dffe

        Download Submit

      • C:\Windows\ttsn.exe
        Filesize

        47KB

        MD5

        bdd8e22cb03db5588bbcffa8988a2f04

        SHA1

        5d273a1ed6bf9ab523e5a329fa01c00a72b174fe

        SHA256

        5d1c0755b16ff838514f3040686b6c2c25df704e0ba00c4539f03c1547f51003

        SHA512

        70e577fa7d73413db34289feb0b954bd700108807934c9338f3fe45920755eda677e99a13d540d0e63b24536249ae607e674e428d9ab3b6ad6ada1fe9dff89cc

        Download Submit

      • memory/1504-10-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/1504-5-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1504-11-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/1504-12-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1504-15-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/1504-16-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/1504-19-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/1504-20-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/1504-23-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/1504-24-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/2404-8-0x0000000000400000-0x00000000004CA02E-memory.dmp

        Filesize

        808KB

        Download

      • memory/2404-0-0x0000000002260000-0x0000000002261000-memory.dmp

        Filesize

        4KB

        Download