7151f88f77eadd4a18cbd7890bb7c4de4bc32d55efc6a9b2d61e243457abbd66

Analysis

max time kernel
142s
max time network
142s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3988386d84cc53c2e30f9d08aaf40f8b.exe
Size

771KB
MD5

3988386d84cc53c2e30f9d08aaf40f8b
SHA1

f2768b47cc57470f8a70a6be5d812b54d6da1c28
SHA256

7151f88f77eadd4a18cbd7890bb7c4de4bc32d55efc6a9b2d61e243457abbd66
SHA512

7bd1ea57ad9771cca3accbbb326471a9a4e759d841581af7d642c494d1e8bdf195ff63ed81325ca9e4664780a3b5cc999015968776ec075f41a83684643d9f69
SSDEEP

24576:xMlD5zQnyuPrY44yOsL7qGarCzWR5tjSjoMg2fIzItVGXa:xMlD5zQnyuPrY44yOsL7qGarCzWR5tqb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2892	lAdEp02100.exe

Loads dropped DLL 2 IoCs

pid	Process
2888	3988386d84cc53c2e30f9d08aaf40f8b.exe
2888	3988386d84cc53c2e30f9d08aaf40f8b.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2888	3988386d84cc53c2e30f9d08aaf40f8b.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2888	3988386d84cc53c2e30f9d08aaf40f8b.exe
Token: SeDebugPrivilege	2892	lAdEp02100.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2892	2888	3988386d84cc53c2e30f9d08aaf40f8b.exe	31
PID 2888 wrote to memory of 2892	2888	3988386d84cc53c2e30f9d08aaf40f8b.exe	31
PID 2888 wrote to memory of 2892	2888	3988386d84cc53c2e30f9d08aaf40f8b.exe	31
PID 2888 wrote to memory of 2892	2888	3988386d84cc53c2e30f9d08aaf40f8b.exe	31

C:\Users\Admin\AppData\Local\Temp\3988386d84cc53c2e30f9d08aaf40f8b.exe
"C:\Users\Admin\AppData\Local\Temp\3988386d84cc53c2e30f9d08aaf40f8b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2888
- C:\ProgramData\lAdEp02100\lAdEp02100.exe
  "C:\ProgramData\lAdEp02100\lAdEp02100.exe" "C:\Users\Admin\AppData\Local\Temp\3988386d84cc53c2e30f9d08aaf40f8b.exe" 995DE5F51555D5D5995DE5F51555D5D5
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\lAdEp02100\lAdEp02100.exe

Filesize
421KB

MD5
09e6c12056f122e762d21aa0a3c2b4f1

SHA1
f665c1a1a99dd51193c5d84e5de7302100d2db64

SHA256
ee0fb3f35de2b72cda1f32087e9fa5ba8306de4ef8696206d8db9bcbb8780401

SHA512
e658425ea82ac5d35e4bf863ef707dcc55cc1d98cd8bb298e76722131dd0688db4c2c430f81f7ba9c348caa2f0099f7e55268bb58ea93c52c34b2bdff4cee839

Download Submit
C:\ProgramData\lAdEp02100\lAdEp02100.exe

Filesize
545KB

MD5
12e7e7b1f18bf47f9716eb6b4d2f257d

SHA1
877844f2d0420a00e95e1dafe7d24184f4493359

SHA256
619b737a47d7489e8d05631840a3f2851571eb550c0fa0b9e6f50efe58c0f80b

SHA512
6da661982bbe7a1ddf03f5cfd28362ad30193f6b2fa5c9479ebfcf93c091289ea1cb080430014c52e72c29ce01dfb9f32542b903bc6cecfbc7bb02b2949e031e

Download Submit
C:\ProgramData\lAdEp02100\lAdEp02100.exe

Filesize
96KB

MD5
f1ccddbeaf319c606bdaea1b11377d19

SHA1
55186c4e25a0ccbb66bba58ff0943ebfc20c60cf

SHA256
3efcd8ae78a32a15b27475618ac10ca616c3403e5fc416caf8e7ac561c249d8c

SHA512
0d7d553de2f6bb9a81ac01f4f5b7594c20f8471230d4ca756b78f275e90aae370d2fd03a5b3fec8c21fa90a9ec8f5ce1bc1e5f9f686c0edaa7b183eef60d04ee

Download Submit
\ProgramData\lAdEp02100\lAdEp02100.exe

Filesize
560KB

MD5
ec3294aa5285e3cbde09f62ad7464919

SHA1
e389e7cb6914ed2ae2114ee7f661edd0fc59bff5

SHA256
df65daefc576e64fc25eb548c9f557da100e56c6108c4972cde4aeb5f0c736f4

SHA512
3379919900a86deb83aa4321f9bfffaf4aa873d3af05cd6034d27241fc81a6f162906090533ceb5edbf1ec27210fcd52a3f9cf52bcf4edc8bc8baa942ce90cdd

Download Submit
\ProgramData\lAdEp02100\lAdEp02100.exe

Filesize
422KB

MD5
0ab3b5f2a21885832772d75efa197293

SHA1
babb2e1a7e0fe31aa32308c8472f6d13196f8ef8

SHA256
29ea78109ef2c1b903d06bda02f657dd113ccac858581b63d0661352280446e8

SHA512
3e82d3d467c4935431b16dc3e9a57589e4536394c48d2d55eaca97fbdb9040b9e1327d4706befba20d925b4ea234c75d06ccb2b159d6052a2fb9ee14396f0f54

Download Submit
memory/2888-0-0x00000000009E0000-0x0000000000A9B000-memory.dmp

Filesize
748KB

Download
memory/2888-1-0x0000000000400000-0x000000000065E000-memory.dmp

Filesize
2.4MB

Download
memory/2888-7-0x0000000000400000-0x000000000065E000-memory.dmp

Filesize
2.4MB

Download
memory/2888-25-0x0000000000400000-0x000000000065E000-memory.dmp

Filesize
2.4MB

Download
memory/2892-27-0x0000000000400000-0x000000000065E000-memory.dmp

Filesize
2.4MB

Download
memory/2892-31-0x0000000000400000-0x000000000065E000-memory.dmp

Filesize
2.4MB

Download