b53e2621741d5018ba587c1bd993e1f489976376342c7be05c1dfa464b524d6e

Analysis

max time kernel
144s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66220981e412954659871d15d3233aa5.exe
Size

545KB
MD5

66220981e412954659871d15d3233aa5
SHA1

58b4edb45aa4d82bdad5a95e291d88edf059362f
SHA256

b53e2621741d5018ba587c1bd993e1f489976376342c7be05c1dfa464b524d6e
SHA512

d8add1749dae553e2b64bf662b3a896e0f01bd4470684dc5df3540a7c31dcecdd6117a6aea5bba10325620e43689836f17e26227ed740bf536fee740d2792ef9
SSDEEP

12288:x1Ra1rN4wopVauKAxZkhwryINtTirdor2vzFyq:xDrp4XAx+hwrywTEdoSvo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1480	EntSver.exe

Loads dropped DLL 2 IoCs

pid	Process
1480	EntSver.exe
1480	EntSver.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\HKDVSC.DAT	66220981e412954659871d15d3233aa5.exe
File created	C:\Windows\EntSver.exe	66220981e412954659871d15d3233aa5.exe
File opened for modification	C:\Windows\EntSver.exe	66220981e412954659871d15d3233aa5.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2840	66220981e412954659871d15d3233aa5.exe
Token: SeDebugPrivilege	1480	EntSver.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1480	EntSver.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1480	EntSver.exe
1480	EntSver.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 2692	1480	EntSver.exe	90
PID 1480 wrote to memory of 2692	1480	EntSver.exe	90

C:\Users\Admin\AppData\Local\Temp\66220981e412954659871d15d3233aa5.exe
"C:\Users\Admin\AppData\Local\Temp\66220981e412954659871d15d3233aa5.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2840

C:\Windows\EntSver.exe
C:\Windows\EntSver.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\EntSver.exe

Filesize
512KB

MD5
b857b16fba1182c8b000133a83e1a6c4

SHA1
3caaa647d7697625a50a1fdf1366ddb064ff34f4

SHA256
2fcaf74589d3aa5a50e03aa22d4f657af54aac19a9ca516e5821016a1b672cd0

SHA512
f412ffbcd38b4ea47bbf225a1634ca4068f402a8f21d6895c9d221e867a961bfb6971fd8635c6cb169721f51a9f50697f92ff3a797142ada38579b32a71b47af

Download Submit
C:\Windows\EntSver.exe

Filesize
320KB

MD5
9705cd7f8ac698081097b02d3ed634aa

SHA1
3b8832930132666ccfeea5fdf0617c14752cfe40

SHA256
94de84f406b24b27b9f62b057bdf5c4969f7d336fd7d58569f183f8451461858

SHA512
1b30892e65719add4f8da6da70d56d59f4a00610e150f3d9890a2fff2262ad4622ad8edd63971c2c8d0066020588dd173c9a46cd7d6e9c2645650834d442fc97

Download Submit
C:\Windows\HKDVSC.DAT

Filesize
51KB

MD5
d58f992c53515c9f1fb9394a46f4cb48

SHA1
1f9909d227b93be10328e0abc64052da984657ba

SHA256
50c6b8848b0a9cf6a6b579928dc6e5c75cf7564c19bb7b40d86ba9d360ebb040

SHA512
3a87c279fbbbaff2bfe791c523716ad092c41099b8914ba369565014502d408084259d4efe6896d785c024935b181ca34cf49e3b79f3f1a89ee1c9d775635d94

Download Submit
memory/1480-99-0x0000000001EA0000-0x0000000001EB2000-memory.dmp

Filesize
72KB

Download
memory/1480-158-0x0000000001EA0000-0x0000000001EB2000-memory.dmp

Filesize
72KB

Download
memory/2840-61-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/2840-42-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2840-2-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/2840-4-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/2840-3-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/2840-58-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/2840-8-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/2840-18-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/2840-17-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2840-22-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2840-35-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/2840-38-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/2840-41-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/2840-57-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/2840-40-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/2840-39-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/2840-37-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/2840-36-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2840-43-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/2840-45-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2840-44-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2840-46-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2840-50-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2840-49-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2840-66-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/2840-56-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/2840-64-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/2840-63-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/2840-62-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2840-0-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download
memory/2840-60-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/2840-59-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/2840-6-0x0000000002520000-0x0000000002523000-memory.dmp

Filesize
12KB

Download
memory/2840-1-0x0000000000B50000-0x0000000000B93000-memory.dmp

Filesize
268KB

Download
memory/2840-65-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/2840-55-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/2840-54-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/2840-53-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/2840-48-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/2840-34-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/2840-33-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/2840-32-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2840-31-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/2840-30-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2840-29-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2840-28-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2840-27-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/2840-26-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/2840-25-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/2840-24-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2840-23-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2840-21-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2840-20-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2840-19-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2840-16-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2840-15-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2840-13-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2840-14-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2840-12-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2840-11-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2840-10-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2840-9-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2840-7-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2840-5-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/2840-152-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download