664c22959e545e05ca6ca1a1012881a731015894be9c89c00118208379174765

General

Target

1244a7fe9f2bd24290ed00e7c2fd039c.exe
Size

6.4MB
MD5

1244a7fe9f2bd24290ed00e7c2fd039c
SHA1

7c8025a218937c70897d14f182de1324fccb9049
SHA256

664c22959e545e05ca6ca1a1012881a731015894be9c89c00118208379174765
SHA512

32d17f4acdf22df347773dc16b284d8f9d70dcbb1df3ad306e4b1dba23015118a0de49227fdcff2be159ba9f12ee2ebcb7ba4177c2e52b1eacb1c2cd390b6a1e
SSDEEP

196608:/DXJryvp10aEvcRVcdaNaqH+ex+PdQ3iVci1zwXAk:/rNyb1fcsNaqN+PZfNwwk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3472	1244a7fe9f2bd24290ed00e7c2fd039c.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	1244a7fe9f2bd24290ed00e7c2fd039c.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	1244a7fe9f2bd24290ed00e7c2fd039c.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	1244a7fe9f2bd24290ed00e7c2fd039c.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	1244a7fe9f2bd24290ed00e7c2fd039c.exe
File opened for modification	C:\Windows\assembly	1244a7fe9f2bd24290ed00e7c2fd039c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3472	1244a7fe9f2bd24290ed00e7c2fd039c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3472	1244a7fe9f2bd24290ed00e7c2fd039c.exe
3472	1244a7fe9f2bd24290ed00e7c2fd039c.exe

C:\Users\Admin\AppData\Local\Temp\1244a7fe9f2bd24290ed00e7c2fd039c.exe
"C:\Users\Admin\AppData\Local\Temp\1244a7fe9f2bd24290ed00e7c2fd039c.exe"
1⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\7z.dll

Filesize
24KB

MD5
f5da1484d5bd8ff93acb27366cfa9668

SHA1
49fc2b0c1e9883250c7abb8484dbf3bfb8c2350f

SHA256
783126793bc39aa92a820504c6d8d548c30c729ff6d7aa1716ce2ec938618939

SHA512
09e7cf2f528d30e64bff5dec332c67caa4c16bad945700e5d62e2b63612f46bf0bca533285a3585ce71db7a08a7a1bbb56cc777dccec9a041d049bb17bf322ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\html\images\bg-1.png

Filesize
1KB

MD5
9a06214c6652c451f6819254768c5e35

SHA1
c480e083fb049e95c8617f6532fdb244940d640c

SHA256
e31b99b201243f380fc11f6b11dafb34749b53152b77cbd6ff6a969bd0a61d17

SHA512
6349be9751b25dd280ebc3f295c923989afd8e473ae3d729b22b43f041e80237a182230d7e43cb6c467f7eddb4d776807f7a9b2f8f28cba93f0e5cd2a29f105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\html\page.html

Filesize
2KB

MD5
11c92dee6ee98a81980f6af71fb4ab33

SHA1
1e0902d94836b00de4c464c48cfd2490bcbaa7fa

SHA256
5feaa2e80be13ed7f053f0837e970f85b08398e877e8dd8733acd965a5991a4b

SHA512
0afaa0c0ca2876958add84fa4c845e0fcb8ac67fab99bda0d96745ab8b54272f08d58179238e9f6765c2edd42a22d3c1250d1ba406372e8e78b3bd7350bc3ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\html\page.html

Filesize
1KB

MD5
3813d5551798528cd465f582aac9f8d2

SHA1
2f1219c4475b029c1be71a4820bd8947213d5250

SHA256
9092d455916202d81d415fed0e399666ff921e2a972d44c11f1c3945ddfbc479

SHA512
7415614b33a4ea2304158e1e55755b1e7f8a14b208605aadde7045e315357bb2e6b4e68677a0aeba835fa6f9d4b4683c1c01d72c6ff5e98010530b780ea338dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\html\page4.html

Filesize
2KB

MD5
ae6775109e86d7a90552ae9897d9e238

SHA1
6f87a00f82f206ac741c234cf3e551757ae88ec5

SHA256
019c5754b3e8a9aea7163f27b661fada55e93b2ecd1e3d5460b8c6466462696d

SHA512
318506d90447b9dd76c5bc42a23b489671d83f0f0f759f4e30902e6375bbdb23a726ebba5362e6ce536579a63612d88ec42ac7b8a222ea8cc4dfaad319ced241

Download Submit
C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\html\page44.html

Filesize
2KB

MD5
b830b0d504e67ade99d97a097fa8dac9

SHA1
c1832a0af7bb4a8c61a10a46b0b02f55aca5f399

SHA256
9b9430f6855bedffe20ae65573aaa8d87cc017266353bfd813740885ebeaccd2

SHA512
fdacb86b4cce235b2facc699cb257211773aacd96cb6805e026c9e6da9e79e0bbc5ff2e8bc55160b2b355dffefc6f1dcb6541708c87cc46a81d0a1f01db13f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\html\page45.html

Filesize
2KB

MD5
95d639db5201007754b6debcb39aa45d

SHA1
a08876c698ba17935021fe927398689e609972d1

SHA256
37b8148067cbfc40544d2e6b9909fd13e979c2eb305ee8de2ba2a5d782bf79dc

SHA512
124f98a72ec6d742fad9a6bd265e79bfa6a2fc83382e1e8cf577b5d70eea0ec0d6ed851d5b5a4b955bb8a7908351c7c9026c081109464c61d40d8a46f1cf992f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wy1x4n1j.2mq\html\page46.html

Filesize
2KB

MD5
4abb7a604419a117bf4d99ca44fa3a48

SHA1
287036f9b429416bc6c95556a0bacdc41ebf5e72

SHA256
23468aeedd86bba81dc63230edcd20e29796ce48b40a920cdfc78dc8ef47e6fc

SHA512
dbd42df706fd94d5e350af837758d010271941faf59dda7f7597f1a705764d31fba1b0a2b8e7122dff9ad23ca6398c642bb933ad01bd27f939f0486b06bcf9cc

Download Submit
memory/3472-160-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-167-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-15-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-161-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-0-0x0000000074B50000-0x0000000075101000-memory.dmp

Filesize
5.7MB

Download
memory/3472-163-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-162-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-164-0x0000000074B50000-0x0000000075101000-memory.dmp

Filesize
5.7MB

Download
memory/3472-165-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-28-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-166-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-168-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-169-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-2-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-1-0x0000000074B50000-0x0000000075101000-memory.dmp

Filesize
5.7MB

Download
memory/3472-178-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download
memory/3472-177-0x0000000000C90000-0x0000000000CA0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing