59bde3d183feda26deb519a4b9a6655c9ca4461e0724a1f396c8340af644cba1

Analysis

max time kernel
146s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51d065d8d79adb829730f55fce9ec9ca.exe
Size

4.5MB
MD5

51d065d8d79adb829730f55fce9ec9ca
SHA1

a00c067980d321302a0d86f516d846bbdb264ec4
SHA256

59bde3d183feda26deb519a4b9a6655c9ca4461e0724a1f396c8340af644cba1
SHA512

f62c5db2c65070d02bbbe221d88e2b2a7294b41fe169bc2828a606497e33eae5d8361908012bed686acd23fe4f13f5cf76da06e08e19ce39b2fa5c1f4ff058ac
SSDEEP

98304:s/t6jftK7uPQNtRF+OKDcG0nVSEJA0qRzc2DqoXEDUU+YiwOBpIeWH:YEft3Ez3BG0nVqRQ2TXEDUU7i1zwH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1876	51d065d8d79adb829730f55fce9ec9ca.exe

Loads dropped DLL 4 IoCs

pid	Process
2256	51d065d8d79adb829730f55fce9ec9ca.exe
1876	51d065d8d79adb829730f55fce9ec9ca.exe
1876	51d065d8d79adb829730f55fce9ec9ca.exe
1876	51d065d8d79adb829730f55fce9ec9ca.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1876	51d065d8d79adb829730f55fce9ec9ca.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1876	51d065d8d79adb829730f55fce9ec9ca.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1876	51d065d8d79adb829730f55fce9ec9ca.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1876	2256	51d065d8d79adb829730f55fce9ec9ca.exe	28
PID 2256 wrote to memory of 1876	2256	51d065d8d79adb829730f55fce9ec9ca.exe	28
PID 2256 wrote to memory of 1876	2256	51d065d8d79adb829730f55fce9ec9ca.exe	28
PID 2256 wrote to memory of 1876	2256	51d065d8d79adb829730f55fce9ec9ca.exe	28

C:\Users\Admin\AppData\Local\Temp\51d065d8d79adb829730f55fce9ec9ca.exe
"C:\Users\Admin\AppData\Local\Temp\51d065d8d79adb829730f55fce9ec9ca.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\51d065d8d79adb829730f55fce9ec9ca.exe
  "C:\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\51d065d8d79adb829730f55fce9ec9ca.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\51d065d8d79adb829730f55fce9ec9ca.exe

Filesize
347KB

MD5
7f3f58430be88846997a003b277f96b6

SHA1
aea13d7f1e4e830744918ca20b110db42f16abe5

SHA256
736166e25dc9f6a77ae106072d286b78c847e75a21db368c8fa9ca585f8eae83

SHA512
607cdb10e86e438458cea3f3ed6e7183657951316293002114107c13295e23a76fe8fafa510a25db1bc8bedbde98423bc43d845716765f1ccfc66a043589ac09

Download Submit
C:\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\51d065d8d79adb829730f55fce9ec9ca.exe

Filesize
462KB

MD5
3702f434d6e9e02a05e92b9ceb86a759

SHA1
c300209263ebbba72596eb57717aca36b7d2a21d

SHA256
e54305f1ec15653afdb2910ffb62729d6b995db9d474bdc1a4a069aad9054960

SHA512
a0ca8894500e395103c79de76c33a7a6f2426f4d49cb2c2a879b177816847fd93cd911b329dff7bda38b9f0c7b4e0b7fc239b567e83cd73fc4c14a8feb26edb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\image

Filesize
9KB

MD5
2bec3c4daed9450c3b3493df91166d8a

SHA1
704c108a7b73a54fd6dcde5ffde621891a3d184a

SHA256
6ee22c3139aaa312753f853cc05b7f4bf9a62fc5191c8ed77aaa5759b9065977

SHA512
82a38fb438886a237c075bc0f32ac958a204151f147c53aac90f7a24e18febb98ed2de0e792d4ab0c4d9d55eea4301ed58d088eccf505bd61bf79775522b48d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\main.xml

Filesize
10KB

MD5
dc06bd25f09a94a709987e26a14b625d

SHA1
b979a99e1c6e695b6e27a7954d65a10337e5cd43

SHA256
4ac73febe65bc0bf87ac44c572b459cb43c18b0219755b5fe765877f4f2c2d53

SHA512
dc9a4b0bd8c9fc37442d0195b13cf2a978c2b2b58d8f22bb6b649cf3a9377536b7b92115c74077703e57bbfb395d248af91c76939a3f904dcdce89b22e960c4b

Download Submit
\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\51d065d8d79adb829730f55fce9ec9ca.exe

Filesize
416KB

MD5
aff64a11f4b7eca8fb778afdbc5ba4fd

SHA1
e00b3da208b092bcc4d0d28dafc9404f50e12bbd

SHA256
b2d408824c6d62a1814f316e70340fca764df5cd6b39f860ff9e5b3908371a99

SHA512
c306550df64525dd65c26161e2b05c1b3d3bb2aaa23a700819333255c8d08d9d6fbcbcbeb10a32e252356a73caa314917db0227f4fbc5a364aa0bb4c13db9a47

Download Submit
\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\7z.dll

Filesize
105KB

MD5
254bf3d874dcfb2af1dc86751737f97d

SHA1
92a114c986af050ed5ab700c953afe80b3aa9b87

SHA256
643df7863f007013e3d0b2b76fce8dc0a305e8f786cd54d463b7b720d1b5049f

SHA512
7cc057ec1c455a5cc1266c8118be3bc7c417e2787f530e6376ba2d146115b89d5151e0be9ccae846ea25faf767f9021391c20e7e10a4ea5681785307c7b24bb9

Download Submit
\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\7z.dll

Filesize
108KB

MD5
a42fbacce72315a400b001e02e0ca5d1

SHA1
7c2b43131245e2c682fc8aef4127be7f93e34f50

SHA256
5fe515e3f42ca2bf232f3662516f18e846064739295a2c72f7d8bbf33190e902

SHA512
40bacfa665be9070c1b77cd582688bd4c3333c0d0dee846af06fc1faa583f65cf84cd5b2582fa36a977c4e411f80414ed67ba5417931a94d8b246753b600fc66

Download Submit
\Users\Admin\AppData\Local\Temp\4zjysf1c.b0u\7z.dll

Filesize
159KB

MD5
ec20ab57db771ea7c02fb37c855343ec

SHA1
219a07855975a54c9f082714210c798d35e996f5

SHA256
d010e74a82487a8795c2b338a4094e3dabcf72c26c695be6fdf1177f7f9ee100

SHA512
966f2110a34e574cbe865d59ac8c6b75aae09979c722b5c8f14fb9a6ff3c44877394f60b51b4588e9a211e4a3c94102b447bb3f47b5140e62ab1edbd5a096dab

Download Submit
memory/1876-77-0x0000000002880000-0x00000000028C0000-memory.dmp

Filesize
256KB

Download
memory/1876-95-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-170-0x0000000002880000-0x00000000028C0000-memory.dmp

Filesize
256KB

Download
memory/1876-13-0x0000000000190000-0x00000000001CD000-memory.dmp

Filesize
244KB

Download
memory/1876-22-0x0000000075BE0000-0x0000000075C37000-memory.dmp

Filesize
348KB

Download
memory/1876-23-0x00000000754F0000-0x00000000754F9000-memory.dmp

Filesize
36KB

Download
memory/1876-24-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-21-0x00000000776D0000-0x0000000077717000-memory.dmp

Filesize
284KB

Download
memory/1876-27-0x0000000002880000-0x00000000028C0000-memory.dmp

Filesize
256KB

Download
memory/1876-28-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-26-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-20-0x0000000076B10000-0x0000000076BBC000-memory.dmp

Filesize
688KB

Download
memory/1876-83-0x00000000727B0000-0x0000000072802000-memory.dmp

Filesize
328KB

Download
memory/1876-17-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1876-25-0x0000000075E60000-0x0000000076AAA000-memory.dmp

Filesize
12.3MB

Download
memory/1876-30-0x0000000077220000-0x000000007737C000-memory.dmp

Filesize
1.4MB

Download
memory/1876-31-0x0000000074BC0000-0x0000000074C1B000-memory.dmp

Filesize
364KB

Download
memory/1876-33-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-34-0x00000000754E0000-0x00000000754E5000-memory.dmp

Filesize
20KB

Download
memory/1876-35-0x0000000076C80000-0x0000000076CB5000-memory.dmp

Filesize
212KB

Download
memory/1876-36-0x0000000077720000-0x000000007783D000-memory.dmp

Filesize
1.1MB

Download
memory/1876-16-0x0000000000950000-0x0000000000A58000-memory.dmp

Filesize
1.0MB

Download
memory/1876-48-0x0000000002880000-0x00000000028C0000-memory.dmp

Filesize
256KB

Download
memory/1876-49-0x00000000775A0000-0x000000007762F000-memory.dmp

Filesize
572KB

Download
memory/1876-12-0x00000000753D0000-0x000000007541A000-memory.dmp

Filesize
296KB

Download
memory/1876-64-0x000000005E3A0000-0x000000005E42D000-memory.dmp

Filesize
564KB

Download
memory/1876-134-0x0000000000950000-0x0000000000A58000-memory.dmp

Filesize
1.0MB

Download
memory/1876-63-0x0000000002880000-0x00000000028C0000-memory.dmp

Filesize
256KB

Download
memory/1876-71-0x0000000076CC0000-0x0000000076CC5000-memory.dmp

Filesize
20KB

Download
memory/1876-133-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-59-0x0000000000950000-0x0000000000A58000-memory.dmp

Filesize
1.0MB

Download
memory/1876-72-0x0000000073620000-0x00000000737B0000-memory.dmp

Filesize
1.6MB

Download
memory/1876-132-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-76-0x0000000000190000-0x00000000001CD000-memory.dmp

Filesize
244KB

Download
memory/1876-109-0x0000000074D20000-0x00000000752CB000-memory.dmp

Filesize
5.7MB

Download
memory/1876-81-0x0000000074080000-0x0000000074097000-memory.dmp

Filesize
92KB

Download
memory/1876-10-0x0000000000950000-0x0000000000A58000-memory.dmp

Filesize
1.0MB

Download
memory/1876-18-0x0000000000190000-0x00000000001CD000-memory.dmp

Filesize
244KB

Download
memory/1876-99-0x0000000076B10000-0x0000000076BBC000-memory.dmp

Filesize
688KB

Download
memory/1876-90-0x0000000075650000-0x000000007565C000-memory.dmp

Filesize
48KB

Download
memory/1876-92-0x0000000076E30000-0x0000000076E57000-memory.dmp

Filesize
156KB

Download
memory/1876-89-0x00000000726A0000-0x00000000726BC000-memory.dmp

Filesize
112KB

Download
memory/1876-88-0x0000000072710000-0x0000000072768000-memory.dmp

Filesize
352KB

Download
memory/1876-86-0x0000000076E60000-0x0000000076E79000-memory.dmp

Filesize
100KB

Download
memory/1876-85-0x0000000073570000-0x000000007357D000-memory.dmp

Filesize
52KB

Download
memory/1876-93-0x0000000000950000-0x0000000000A58000-memory.dmp

Filesize
1.0MB

Download
memory/1876-94-0x00000000776D0000-0x0000000077717000-memory.dmp

Filesize
284KB

Download
memory/1876-82-0x0000000074060000-0x0000000074075000-memory.dmp

Filesize
84KB

Download
memory/1876-100-0x0000000076E60000-0x0000000076E79000-memory.dmp

Filesize
100KB

Download
memory/1876-106-0x00000000753D0000-0x000000007541A000-memory.dmp

Filesize
296KB

Download
memory/1876-105-0x0000000075BE0000-0x0000000075C37000-memory.dmp

Filesize
348KB

Download
memory/1876-104-0x0000000075E60000-0x0000000076AAA000-memory.dmp

Filesize
12.3MB

Download
memory/1876-87-0x00000000726C0000-0x000000007270F000-memory.dmp

Filesize
316KB

Download
memory/1876-96-0x0000000000950000-0x0000000000A58000-memory.dmp

Filesize
1.0MB

Download
memory/1876-107-0x00000000752D0000-0x000000007534D000-memory.dmp

Filesize
500KB

Download
memory/1876-115-0x0000000075B00000-0x0000000075B06000-memory.dmp

Filesize
24KB

Download
memory/1876-120-0x0000000073620000-0x00000000737B0000-memory.dmp

Filesize
1.6MB

Download
memory/1876-121-0x0000000072920000-0x0000000072A50000-memory.dmp

Filesize
1.2MB

Download
memory/1876-131-0x0000000002880000-0x00000000028C0000-memory.dmp

Filesize
256KB

Download
memory/1876-130-0x0000000076E30000-0x0000000076E57000-memory.dmp

Filesize
156KB

Download
memory/1876-129-0x0000000072690000-0x0000000072697000-memory.dmp

Filesize
28KB

Download
memory/1876-128-0x00000000726A0000-0x00000000726BC000-memory.dmp

Filesize
112KB

Download
memory/1876-127-0x00000000726C0000-0x000000007270F000-memory.dmp

Filesize
316KB

Download
memory/1876-126-0x0000000072710000-0x0000000072768000-memory.dmp

Filesize
352KB

Download
memory/1876-125-0x0000000073570000-0x000000007357D000-memory.dmp

Filesize
52KB

Download
memory/1876-124-0x0000000074060000-0x0000000074075000-memory.dmp

Filesize
84KB

Download
memory/1876-123-0x00000000727B0000-0x0000000072802000-memory.dmp

Filesize
328KB

Download
memory/1876-118-0x000000005E3A0000-0x000000005E42D000-memory.dmp

Filesize
564KB

Download
memory/1876-114-0x0000000076C80000-0x0000000076CB5000-memory.dmp

Filesize
212KB

Download
memory/1876-112-0x0000000074BC0000-0x0000000074C1B000-memory.dmp

Filesize
364KB

Download
memory/1876-110-0x0000000077220000-0x000000007737C000-memory.dmp

Filesize
1.4MB

Download
memory/2256-0-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/2256-1-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download
memory/2256-2-0x0000000001F70000-0x0000000001FB0000-memory.dmp

Filesize
256KB

Download
memory/2256-9-0x0000000004A10000-0x0000000004B18000-memory.dmp

Filesize
1.0MB

Download
memory/2256-15-0x0000000074DA0000-0x000000007534B000-memory.dmp

Filesize
5.7MB

Download