bb8da044da7e04f0c40bb62daf2c2ea58e1c287ab6089810b2d5614991541a1d

Analysis

max time kernel
147s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3926bbf94560b84c49335f7a7bcddf9e.exe
Size

14.9MB
MD5

3926bbf94560b84c49335f7a7bcddf9e
SHA1

c1b1a50bc2ca474461a23960d58bde097c463a5f
SHA256

bb8da044da7e04f0c40bb62daf2c2ea58e1c287ab6089810b2d5614991541a1d
SHA512

e0c522dd818431dd15de8d0ae168756820c13b0b59642fbe0d47e4c3506eb702c9d31b91286a12e428b82e68767e79e0431f20beb3e6488945e760a2eb0b5463
SSDEEP

393216:+YB93E8VxOa43LIzCvXGnY019JxYCv1fAlTOpD8:+w93E8Py312Rf9f

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 28 IoCs

pid	Process
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2152	3926bbf94560b84c49335f7a7bcddf9e.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2152	3926bbf94560b84c49335f7a7bcddf9e.exe
2152	3926bbf94560b84c49335f7a7bcddf9e.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 2152	4140	3926bbf94560b84c49335f7a7bcddf9e.exe	24
PID 4140 wrote to memory of 2152	4140	3926bbf94560b84c49335f7a7bcddf9e.exe	24

C:\Users\Admin\AppData\Local\Temp\3926bbf94560b84c49335f7a7bcddf9e.exe
"C:\Users\Admin\AppData\Local\Temp\3926bbf94560b84c49335f7a7bcddf9e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Users\Admin\AppData\Local\Temp\3926bbf94560b84c49335f7a7bcddf9e.exe
  "C:\Users\Admin\AppData\Local\Temp\3926bbf94560b84c49335f7a7bcddf9e.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI41402\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\VCRUNTIME140.dll

Filesize
92KB

MD5
936a862f650ed53b5dfead21c78e1740

SHA1
da1536313419984abd597072babc5b0d952ad2bc

SHA256
fbf6f64ab311bb263ee4addace17c258a9e2bc195416fbc4eb56593ad53c445b

SHA512
ae67885e5b9d7d95d9d3717916071ad32ae70b7bba455b7f458ae81af84c78f816b3c992fe92eb0e3273b7f74a90f94c0fc4a2fb67e0fd84922ec6c89204e6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\python37.dll

Filesize
92KB

MD5
1d53c8489d9c1ed627d38b894e052a84

SHA1
64a15fd80e36646005f27d897d6c71390d92faa5

SHA256
4861d4a6a2cf9174876087152d5270d6347795c8cdb4ac2cd53bd30b076f6ee6

SHA512
2c2c0b4900ccc65701d1a040e1a555ef21114fb96bb1e958000fb709d2a268b2df77d0c41100bc8f7a6d5e6017fd185ea3f36ccd579d14dda96ae638b49ac2c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41402\ucrtbase.dll

Filesize
896KB

MD5
cbf1ffcbc3b4f9187c3b4f527c892144

SHA1
85a9c4d2575de1bb9cf334d3365c9d29c8f7a0d8

SHA256
d688a288392305ccf0d6ed2004ce0f82d398cd2c45186abb4976c120391fe56d

SHA512
2c8554f5404876d539303683fc479f74be67779641fd5554ce5144e7958b79e888eaa1e6781c3f9968c4807b8d0231c36732adad3e273c29e299426067297453

Download Submit
memory/2152-101-0x00007FF89C660000-0x00007FF89CE30000-memory.dmp

Filesize
7.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads