de5dc23f9794ae3c2cf7ea102a50b3fbc4f1b54229ff87dce56c73a3fb1c1d03

Analysis

max time kernel
5s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0670adf6d934f2642d33220a1c6fa0d1.exe
Size

23.7MB
MD5

0670adf6d934f2642d33220a1c6fa0d1
SHA1

d2c12675ee8941071ed08f02f357fe30ca1e3e95
SHA256

de5dc23f9794ae3c2cf7ea102a50b3fbc4f1b54229ff87dce56c73a3fb1c1d03
SHA512

a487c1aca7cfc20a886edc92614f3287e134377d1cf63b436063666a37225c10311006793729ccba1858eb9f513d367e4a8136fa330fe63e89509ec66fb95e33
SSDEEP

393216:uaq/j0SymQc9B+7cwWc8MU3p7T+kZyZG/G7ISHpJBaopSXykI7sgDUjVq:uB/QSTQyB+72xh+2G7dHpo9gYjVq

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
376	0670adf6d934f2642d33220a1c6fa0d1.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
376	0670adf6d934f2642d33220a1c6fa0d1.tmp
376	0670adf6d934f2642d33220a1c6fa0d1.tmp
376	0670adf6d934f2642d33220a1c6fa0d1.tmp
376	0670adf6d934f2642d33220a1c6fa0d1.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	376	0670adf6d934f2642d33220a1c6fa0d1.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 376	3872	0670adf6d934f2642d33220a1c6fa0d1.exe	24
PID 3872 wrote to memory of 376	3872	0670adf6d934f2642d33220a1c6fa0d1.exe	24
PID 3872 wrote to memory of 376	3872	0670adf6d934f2642d33220a1c6fa0d1.exe	24

C:\Users\Admin\AppData\Local\Temp\0670adf6d934f2642d33220a1c6fa0d1.exe
"C:\Users\Admin\AppData\Local\Temp\0670adf6d934f2642d33220a1c6fa0d1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Users\Admin\AppData\Local\Temp\is-MJ0QF.tmp\0670adf6d934f2642d33220a1c6fa0d1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-MJ0QF.tmp\0670adf6d934f2642d33220a1c6fa0d1.tmp" /SL5="$D01C6,24104104,139264,C:\Users\Admin\AppData\Local\Temp\0670adf6d934f2642d33220a1c6fa0d1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:376
- - C:\Users\Admin\AppData\Local\Temp\is-7FIT8.tmp-dbinst\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-7FIT8.tmp-dbinst\setup.exe" "C:\Users\Admin\AppData\Local\Temp\0670adf6d934f2642d33220a1c6fa0d1.exe" /title="Driver Booster 7" /dbver=7.3.0.675 /eula="C:\Users\Admin\AppData\Local\Temp\is-7FIT8.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
    3⤵
    PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-MJ0QF.tmp\0670adf6d934f2642d33220a1c6fa0d1.tmp

Filesize
92KB

MD5
41eff616404ae6b32b42fb3bcf16fe3e

SHA1
470e160d4d1085c75507a2d71729e2990c0d3a47

SHA256
370bcc0fb7736805d803cfa976013b87678ac734c4f033986f2a16dae8f43c49

SHA512
4bdf4f378082fd597e91bd2450e47117984f2c6179f33061ec7b1559e276013cf1cfa5d39922971e9febd1b2ba90927015376a8e117f6338ab3643d342278c24

Download Submit
memory/376-55-0x0000000000400000-0x0000000000531000-memory.dmp

Filesize
1.2MB

Download
memory/376-6-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1088-161-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-163-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-172-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-58-0x0000000004040000-0x0000000004041000-memory.dmp

Filesize
4KB

Download
memory/1088-67-0x00000000069C0000-0x00000000069C1000-memory.dmp

Filesize
4KB

Download
memory/1088-73-0x0000000006B10000-0x0000000006B11000-memory.dmp

Filesize
4KB

Download
memory/1088-158-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-160-0x0000000004040000-0x0000000004041000-memory.dmp

Filesize
4KB

Download
memory/1088-159-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-171-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-162-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-170-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-164-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-165-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-166-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-167-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-168-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/1088-169-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/3872-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3872-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3872-57-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download