8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392

Analysis

max time kernel
1s
max time network
126s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe
Size

1.3MB
MD5

025c331c553287c5ac380e72ddcf2e31
SHA1

80af2b5248083229e418af9acb99271b88b358c3
SHA256

8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392
SHA512

a9475534b29d6843a964f21b55b72d86eec34c42d48cb02214b6d2f2da955a56393dd874da126b955b2d1fc73889cfdcedf5d996cd5943bcd1d7d0e2903e6b58
SSDEEP

24576:0xfd8Ww3c9UBAt5qLlip1vlOiQbtDSVXT5XTOya:s8Ww3c9UM5T1tEuXT5XTO1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2548	8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe
2548	8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe
2548	8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2548	8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe
Token: SeDebugPrivilege	2548	8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe

C:\Users\Admin\AppData\Local\Temp\8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe
"C:\Users\Admin\AppData\Local\Temp\8791b05c2148e563ac614459cc99e0280f6f7e56dba3bf478402531ed5e7d392.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
7KB

MD5
217cad969513c563ed444680cfe2a350

SHA1
a8f6fec645a9c03a2f6ccd90da6c068f645ef813

SHA256
2fa8117b6b0d5bc2d0df1e9370df80b6f16ddaa4aa9167c9149da5a02fca65c8

SHA512
9c40e363b1c1d8a36031a4c00da3111b50e8657a13293e5267bce643cb35b6fa03a8747b3d12d5d6a2bea1ae96d90142d114efedc572c46b2cadae925b6deb35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a3c4a872bfa8aae78eb62305aff07ab

SHA1
c1e365e1b046a9874fb2bc96d58744d7556c8c23

SHA256
912c23a4b9ebcb1d237e10bede1ddd6831292d1bcea1ecfd5f18fd972b267e93

SHA512
4e7afd0cd44934ab0dd504268575e23eeb25761814aab7101e62cc7d8b3e2b59cd54a27b5214386bffec1c890c5074644e436af79012ddfe11ec06a7ca4e0291

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f34a6692433feacc5c8f1fff891e65e2

SHA1
c0d04d8c1b7b07bdbf53f5bae7fe7b81cadb30ad

SHA256
e799da472a0e3c161f300c4df22a55f0b40b07a94a40b24f072c6c64af69fc59

SHA512
2968820b894290fc138116d50d7d2c8f5ca39dbe9587bd9a1d2aef8cc7ba6879eaa5cd619ef5e233b7e83f46a29c40e9ae7c59fb5123dccf26ce4261c82d813f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b279f74a107c7a73ca44cb5ec90f8d93

SHA1
2edff6736092ee1b58e0d4fd11146cfe6a1ac1ac

SHA256
5dabb89af84e79b126e176f6a404d279e9243a1f7caf6c0529d518ce3a2944f3

SHA512
0bfb735b957fa47eff4a89eba8c8df5394a8a937d59cffae6d4c1015b9dd339a5da98faeb01c6e2c49ea1c2a429ccaf989f830d70793388a7e19190f44aebc82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3401.tmp

Filesize
5KB

MD5
38866f0cc38de82d85a82dcafd11bbe6

SHA1
39e242172210a0fec30aefaf31902aace72b877b

SHA256
8c1cfa1c5dcff96f77fa3eba931ca577cf8b28d3783c19539e83ce46ef994793

SHA512
0e9338b6d5cbc168528f13dd7f017345b2ef13b99d775d50ae12576a091781d3626143e67620633f13819c78a91cadbed2fe0c4fcf5da8f68cb4eb3a8719ac0d

Download Submit
memory/2548-1-0x000007FEF5CE0000-0x000007FEF66CC000-memory.dmp

Filesize
9.9MB

Download
memory/2548-10-0x000000001B200000-0x000000001B280000-memory.dmp

Filesize
512KB

Download
memory/2548-3-0x000000001B200000-0x000000001B280000-memory.dmp

Filesize
512KB

Download
memory/2548-162-0x000000001B200000-0x000000001B280000-memory.dmp

Filesize
512KB

Download
memory/2548-2-0x000000001B200000-0x000000001B280000-memory.dmp

Filesize
512KB

Download
memory/2548-6-0x000000001B200000-0x000000001B280000-memory.dmp

Filesize
512KB

Download
memory/2548-0-0x0000000000440000-0x0000000000474000-memory.dmp

Filesize
208KB

Download
memory/2548-4-0x0000000000510000-0x000000000051A000-memory.dmp

Filesize
40KB

Download
memory/2548-146-0x000007FEF5CE0000-0x000007FEF66CC000-memory.dmp

Filesize
9.9MB

Download
memory/2548-147-0x000000001B200000-0x000000001B280000-memory.dmp

Filesize
512KB

Download
memory/2548-161-0x0000000000510000-0x000000000051A000-memory.dmp

Filesize
40KB

Download
memory/2548-160-0x0000000000510000-0x000000000051A000-memory.dmp

Filesize
40KB

Download
memory/2548-5-0x0000000000510000-0x000000000051A000-memory.dmp

Filesize
40KB

Download