7df03f5569d9a80eae365d620b5001c2ce864a771cfa4c3965962571d5411330

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2070dfe8450807e52558f315c0b32aa0.exe
Size

495KB
MD5

2070dfe8450807e52558f315c0b32aa0
SHA1

8d633dde10c706ff60a6d2b2383c0e5586b7b8ca
SHA256

7df03f5569d9a80eae365d620b5001c2ce864a771cfa4c3965962571d5411330
SHA512

0d8b476fa5525b1b113ca4041e82e95a329c038719d59b92184a0eb525f44b97e9ba31416734af3073c5f46aeaca9a40e61b4315d923dfcaca0954b67655e2bc
SSDEEP

12288:PFk2qTTPW4MSv/WK089BxVsCCFHerBAMx1SofGIItmuaCphVmmARY:r0jW4dw8TjsCiHoBr4IuCCdFz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2020	2070dfe8450807e52558f315c0b32aa0.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2020	2070dfe8450807e52558f315c0b32aa0.exe
Token: SeIncBasePriorityPrivilege	2020	2070dfe8450807e52558f315c0b32aa0.exe
Token: 33	2020	2070dfe8450807e52558f315c0b32aa0.exe
Token: SeIncBasePriorityPrivilege	2020	2070dfe8450807e52558f315c0b32aa0.exe

C:\Users\Admin\AppData\Local\Temp\2070dfe8450807e52558f315c0b32aa0.exe
"C:\Users\Admin\AppData\Local\Temp\2070dfe8450807e52558f315c0b32aa0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2020
- C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.bat
  "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.bat"
  2⤵
  PID:284
- - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@WINDIR@\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 176
    3⤵
    PID:2940
- C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe
  "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.exe"
  2⤵
  PID:1808
- - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.bat
    "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.bat"
    3⤵
    PID:1296
  - - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@WINDIR@\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 280
      4⤵
      PID:2064
- - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe
    "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.exe"
    3⤵
    PID:1756
  - - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe
      "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.exe"
      4⤵
      PID:952
    - - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.bat
        
        "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.bat"
        5⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@WINDIR@\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 280
        6⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.exe"
        5⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.bat
        
        "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.bat"
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@WINDIR@\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 280
        7⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.exe"
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.exe"
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.exe"
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.bat
        
        "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.bat"
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@WINDIR@\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 280
        8⤵
        
        PID:2604
  - - C:\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.bat
      "C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.bat"
      4⤵
      PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SacaCorchosGui.bat

Filesize
7KB

MD5
e288eb76b13d7213fe5e6b32340bf3c4

SHA1
aef95fcbffaf3c8c5dbc000bad66aa261e8abff2

SHA256
a7bcc75fe013d81a673c29709ec672c7c643fe79c2ad3191ff5982754551407c

SHA512
e712098914adee30a40a8c910da222c7a1ffba0a703b97fd89be41f1acdb50b7f94e15a69edd7d6cc00c7be7e6cf493a47f7cfadcd2eb74ce2fa8ee0d2747be6

Download Submit
\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.bat

Filesize
16KB

MD5
3ff8e0093de5ae3848d3928a166645f6

SHA1
294b0bdfcbfec4d2dc89f753c67b14989f7d7b6b

SHA256
3d1bbd9cc25e6bf113c3c63583756d3fc0984e1de16d4227672f1d1a722261b6

SHA512
32ccccaffb4ea66a26e72126f9e269dedc2b5ef56c4d2e1a5379af5ee90ecef409a978d8a9b4819a8941df55c355e8320af4697f246468911e0c431aecf695ae

Download Submit
\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\Native\STUBEXE\@WINDIR@\SysWOW64\WerFault.exe

Filesize
16KB

MD5
72d4f769e975043a9cc4a868d7f05ad0

SHA1
c82de1fe024d4718e5d66996055f1f72e6eefeec

SHA256
cdb2d6c2f0a3e1add6411769372a879abd47384844460b005fb65de96e0aa11b

SHA512
db125646d6670e7e87cb1d4308cf5ea168910e0732cf66a385cdede442422e2b5dce9ad6f325439c5b7f4a43983e754a9b947c50580d48b07c6289fbeb63cfbd

Download Submit
\Users\Admin\AppData\Local\Xenocode\ApplianceCaches\SacaCorchosGui.exe_v294F5041\TheApp\STUBEXE\@APPDATALOCAL@\Temp\SacaCorchosGui.exe

Filesize
16KB

MD5
c519150d3cfcf794254b26f0d564eb95

SHA1
9588e4802accf3e3a723fac3a02d6d722d76512a

SHA256
3cdf7e821973334919dc24f473806ebee20bd1c292b57ff449aab118ebb576ba

SHA512
62b0d33c1b59c2a444e1d686e6206507b8b5a7cab58a227e5f3c8f498a752941fdb6fad741f0131ca4408529742b598e693d8ff50b4ece9dbc1f8d41acf3f248

Download Submit
memory/284-376-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-362-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-380-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/284-407-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-403-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-397-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/284-399-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-386-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-391-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-385-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-316-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-319-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-341-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/284-308-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-367-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-324-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-354-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-350-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/284-347-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-343-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-336-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-330-0x0000000000220000-0x0000000000272000-memory.dmp

Filesize
328KB

Download
memory/284-327-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/1808-359-0x00000000008E0000-0x0000000000932000-memory.dmp

Filesize
328KB

Download
memory/1808-311-0x00000000008E0000-0x0000000000932000-memory.dmp

Filesize
328KB

Download
memory/2020-191-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-13-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-243-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-189-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-173-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-271-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-293-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-309-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-205-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-201-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-197-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-195-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-193-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-0-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-143-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-142-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-140-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-138-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-87-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-86-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-74-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-62-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-315-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2020-60-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-58-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-55-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-33-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-31-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-28-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-9-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-11-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-17-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-15-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-199-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-294-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2020-292-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-291-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-290-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-289-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-288-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-273-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-108-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-72-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-70-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-68-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-66-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-64-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-57-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-53-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-51-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-49-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-47-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-45-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-43-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-41-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-39-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-37-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-35-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-26-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-24-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-22-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-20-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-19-0x0000000077BF0000-0x0000000077BF1000-memory.dmp

Filesize
4KB

Download
memory/2020-2-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-7-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-1-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download
memory/2020-4-0x0000000000320000-0x0000000000372000-memory.dmp

Filesize
328KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads