Analysis
-
max time kernel
142s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/12/2023, 19:33
General
-
Target
3843d5b57aa9007c7397cb2d8bcf27a1.exe
-
Size
113KB
-
MD5
3843d5b57aa9007c7397cb2d8bcf27a1
-
SHA1
46ee3c26c7b156f8e9349274267a444657746c64
-
SHA256
4b94e9f1da7c1aefbc420bb442965fd4a1fc7754e84e48d0d88b5dd8b1c96305
-
SHA512
0159853427070db5406a5fd5ec69614481e88b55f578b0254b221fad2b06e3bda6a0a333b9b6ba06674f42f543cdd8f8f93f9f9f0ba2ec36221ddaeeb7ef865c
-
SSDEEP
768:k/tPn4dbA6+EjxxlBIubcVY/uT19d4JguMmenP/Q2V7LTPmvkJQtWk7sapBtABM2:sZoc6+WfIhZhkJcmmAGJQg2WwB5BT4R
Score
8/10
Malware Config
Signatures
-
Sets DLL path for service in the registry 2 TTPs 1 IoCs
-
Deletes itself 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3843d5b57aa9007c7397cb2d8bcf27a1.exe"C:\Users\Admin\AppData\Local\Temp\3843d5b57aa9007c7397cb2d8bcf27a1.exe"1⤵
- Sets DLL path for service in the registry
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\3843D5~1.EXE > nul2⤵
- Deletes itself
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs1⤵
- Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB
MD5239017a7212d717c21f790e851b42ded
SHA196aff3608606cf8d581b4786b7934da3e72cd59d
SHA256999bb84db5b22609c0b2e122313a90fb1ade5e4231d12e7c076b650bf543b80b
SHA512a485f45234673fd6342bff98c0b93ef5dcf6e7cfe20a8d726632451034d1b1270619be984320d19b577f0474556730e65b4b3b91ad7738842a06e0587b05330f
-
Filesize
112KB
-
Filesize
112KB