49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5

Analysis

max time kernel
1s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5.exe
Size

1.4MB
MD5

e36614455f58a676dbae883550e6f5bd
SHA1

25bba6efec294ac6aa44e3440ba2499804a9b422
SHA256

49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5
SHA512

21f35168bc37faad422e0c53ae44ecf20a10b8233cb34a4acd0de72be2838a3371a5abe07308e8ffb99bc8c70437eec3e597aee623fca081b79dbab372cfdd48
SSDEEP

24576:V05uhGZyuA2J20bTlO/WTyWo3LaDuyawx44DSVXT5Xepp:maGU0JRbpOUcLay1E49XT5Xepp

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2024	49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5.exe
2024	49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5.exe
Token: SeDebugPrivilege	2024	49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5.exe

C:\Users\Admin\AppData\Local\Temp\49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5.exe
"C:\Users\Admin\AppData\Local\Temp\49c92864b8fbd7ba28da801d0298a029fc832d454c445ba4ced12faddd0f65a5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
560459e76bd7be4ef3f207ee0605d47a

SHA1
1b3657645f958fe711d989cbf2b42483d54d16cd

SHA256
46ac0a6a6f2ee95eb0b1e083531b14ba3a98a5f4123315d19d923e92525c7cf9

SHA512
448aeb1e839b4e1962382e74668c3266b9f2d3a896cc4e64d4bdef26f35748c4ac76fdf938e5695fc4ad756ac251918ad187fb1e905b40010ff91b9492ed5401

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdfc4b9cdcd519f922b127401f67cbd6

SHA1
491199e695716d53dc40d7cb48a66d90d186c957

SHA256
95f832d8259a9861b9dcc51a73d0f253024a7043992b01145814b5e9773da2d4

SHA512
4992029e2d4fcee36a8427ca7d8123aaf2a6a2c38a25bb0deef4d3e9a0164a30e4495f2b88002bdeba9a123ddcc832e26f820a2723c1755a695a9c06e4c9cc9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2686.tmp

Filesize
19KB

MD5
e998f48acbf7fdf666831c9a4020caa8

SHA1
de05c0d2ad33c14f3c59728dfe2a790502450c86

SHA256
d06984972bb691ea849bc56f3b1055ad377a0944b4bf61e7e3a858599eedb497

SHA512
c37d9f5aa429bfcf065a4040c1e599dfed75f63c4914889fb932d95c5bc26114e4ee7295c710746d759f5e2e33419b9687bfa3e0cfc97c7adbe6f589b2723cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B79.tmp

Filesize
1KB

MD5
7acf8f126f0e6094b05c4c078cd4442e

SHA1
a14acdafd6530c6e5c81a513b88893db53ac7bb8

SHA256
af57b6069953416469d3b2410d08aa28e8b1745035328dd1d0efa1f53f4487a4

SHA512
5d796b4431891eb90311101f53b4785d81755001453512394d912833cba34046e09776b263ea2a9969aba8060619dd6c2f707e9f75a51f007166d27563e2dbab

Download Submit
memory/2024-4-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2024-5-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2024-1-0x000007FEF5AF0000-0x000007FEF64DC000-memory.dmp

Filesize
9.9MB

Download
memory/2024-10-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/2024-0-0x0000000001D30000-0x0000000001D64000-memory.dmp

Filesize
208KB

Download
memory/2024-6-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/2024-3-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/2024-84-0x000007FEF5AF0000-0x000007FEF64DC000-memory.dmp

Filesize
9.9MB

Download
memory/2024-2-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/2024-124-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/2024-126-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2024-125-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download