32d346d89b91d4bfb3a1a98c3734db97fe7e39d4fc7f4800d3be032088e46343 | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:37

Sharing

Report Analysis Logs

General

Target

bnbz.tk/xtw.exe
Size

1.6MB
MD5

c2d96dbb902b72a686fff1cc4ad028ce
SHA1

cb951fe6b7e1ae9863846b0ebc38d951a9525278
SHA256

d31cf94ca55682ba051ab45f66ce6fcbd55d7628f5561190baf1c2a553ab3d27
SHA512

fc60ac6c74b3bffd6f925fc78d255c1b2a4228fe72dac5341aec4e3be885e306b5fb302d8ff2c2c92ceb3b140b5c0d2800fa5c971c3f987d825208b1b85fefe0
SSDEEP

24576:BcDCA0+uNY40ZKJ/FLSfCBzZ7R/PCU2QLuSggRu5yq2SVQ:BatOJiMl9/PC7QL/joF2p

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1200	xtw.exe
1200	xtw.exe
1200	xtw.exe
1200	xtw.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1200	xtw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1200	xtw.exe
1200	xtw.exe

C:\Users\Admin\AppData\Local\Temp\bnbz.tk\xtw.exe
"C:\Users\Admin\AppData\Local\Temp\bnbz.tk\xtw.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1200-0-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/1200-10-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/1200-11-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/1200-12-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download