Overview

overview

7

Static

static

3

1253d0e773...5b.exe

windows7-x64

7

1253d0e773...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    160s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 21:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1253d0e7737bbd09dc4b842466e7cb5b.exe

  • Size

    459KB

  • MD5

    1253d0e7737bbd09dc4b842466e7cb5b

  • SHA1

    3b110cdc32f9e146a91f1a500bff84fa9c333a13

  • SHA256

    13ae9c0fa914893d99af9e3e0cf7e0bc2dee46f94ada204a28fb38518802bab4

  • SHA512

    5e109450a96391a7a3cb37c74d4cefc3c40c0fc97be015f735b035826c8969e97d7b100843205bfda1a5314e590b17d6bc11ec237920847a338c096b665175e8

  • SSDEEP

    6144:RXP2VguYIgrGRq6tHPbhpDEOb59H7wsh2iESrhtiJg3BGVP0SLDFEpojsJPYf:JkgrL6tAOb7H7jcSrDiWGVMUEpojsJ0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1253d0e7737bbd09dc4b842466e7cb5b.exe
    "C:\Users\Admin\AppData\Local\Temp\1253d0e7737bbd09dc4b842466e7cb5b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Users\Admin\AppData\Local\Temp\mgisajvngqihim\zsiilitzcpioq.exe
      "C:\Users\Admin\AppData\Local\Temp\mgisajvngqihim\zsiilitzcpioq.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mgisajvngqihim\parent.txt
    Filesize

    459KB

    MD5

    1253d0e7737bbd09dc4b842466e7cb5b

    SHA1

    3b110cdc32f9e146a91f1a500bff84fa9c333a13

    SHA256

    13ae9c0fa914893d99af9e3e0cf7e0bc2dee46f94ada204a28fb38518802bab4

    SHA512

    5e109450a96391a7a3cb37c74d4cefc3c40c0fc97be015f735b035826c8969e97d7b100843205bfda1a5314e590b17d6bc11ec237920847a338c096b665175e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mgisajvngqihim\zsiilitzcpioq.exe
    Filesize

    7KB

    MD5

    ed9f29dcad3d7177bb3a022a6148dbe9

    SHA1

    c13ff13952181c5aa5137c6bc1cddb924abacd33

    SHA256

    d29936029335e8eddb46e1c1f0b34ab469e78c7f3c4cf807264d50291726ef14

    SHA512

    21508b7a1ebff3aa167b35bebb8c6ca2e32089443c6a6fbd9456720038a6b94a891491c436cba1658e8c40022749cc11b48da69464b2a90b57ba87989bb02198

    Download Submit

  • memory/4748-14-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-15-0x000000001DE50000-0x000000001DEB2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/4748-8-0x000000001B250000-0x000000001B294000-memory.dmp

    Filesize

    272KB

    Download

  • memory/4748-9-0x000000001B760000-0x000000001BC2E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4748-10-0x000000001BCD0000-0x000000001BD6C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4748-11-0x0000000000AD0000-0x0000000000AD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4748-12-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-13-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-6-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-7-0x00007FFD35490000-0x00007FFD35E31000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4748-5-0x00007FFD35490000-0x00007FFD35E31000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4748-18-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-24-0x0000000021540000-0x0000000021CE6000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/4748-28-0x0000000020010000-0x00000000204C7000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4748-29-0x00007FFD35490000-0x00007FFD35E31000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4748-30-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-32-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-33-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-34-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4748-35-0x0000000000AF0000-0x0000000000B00000-memory.dmp

    Filesize

    64KB

    Download