064b10fc1343b6691b6b4ddcb3c7f3ff05251583d7f7c4a27941afb97f40ce9b

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6856b8885819321bab3b9552ae033673.exe
Size

876KB
MD5

6856b8885819321bab3b9552ae033673
SHA1

b4e33799370b3a93caa47690fd0c953f511d725a
SHA256

064b10fc1343b6691b6b4ddcb3c7f3ff05251583d7f7c4a27941afb97f40ce9b
SHA512

f261e36a1a901a679b0b49224d1b9903d100fa2b86c6f1e7ed1000138226826060160c0e70fcbfe47b15a2e9a56b903324b812e168155e4aeac411f052b83387
SSDEEP

24576:zdMLKmtvPyHu7dgoA4S3y9pNg4W7HMcYcN+2QHCXRD:ZiKmHyOx7Sp7sclQM

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
708	6856b8885819321bab3b9552ae033673.exe
708	6856b8885819321bab3b9552ae033673.exe
708	6856b8885819321bab3b9552ae033673.exe
708	6856b8885819321bab3b9552ae033673.exe
708	6856b8885819321bab3b9552ae033673.exe
708	6856b8885819321bab3b9552ae033673.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	6856b8885819321bab3b9552ae033673.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 1788	4596	6856b8885819321bab3b9552ae033673.exe	18
PID 4596 wrote to memory of 1788	4596	6856b8885819321bab3b9552ae033673.exe	18
PID 4596 wrote to memory of 1788	4596	6856b8885819321bab3b9552ae033673.exe	18
PID 1788 wrote to memory of 708	1788	6856b8885819321bab3b9552ae033673.exe	23
PID 1788 wrote to memory of 708	1788	6856b8885819321bab3b9552ae033673.exe	23
PID 1788 wrote to memory of 708	1788	6856b8885819321bab3b9552ae033673.exe	23

C:\Users\Admin\AppData\Local\Temp\6856b8885819321bab3b9552ae033673.exe
"C:\Users\Admin\AppData\Local\Temp\6856b8885819321bab3b9552ae033673.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Users\Admin\AppData\Local\Temp\6856b8885819321bab3b9552ae033673.exe
  "C:\Users\Admin\AppData\Local\Temp\6856b8885819321bab3b9552ae033673.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\6856b8885819321bab3b9552ae033673.exe
    "C:\Users\Admin\AppData\Local\Temp\6856b8885819321bab3b9552ae033673.exe"
    3⤵
    - Loads dropped DLL
    - Checks whether UAC is enabled
    PID:708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dHHsHYms9LV8jgbf9o7\lua51.dll

Filesize
95KB

MD5
75cd22d81a0bc0818ca2988b391eaf60

SHA1
7e3af485d66ef87c0705c6c0762c5debe9d72882

SHA256
a51a527c0c02c023029e8eba1db3ebaa59d0cd0c4162c8a29e46ea93cb42af71

SHA512
6787c07bd3c725b0cf8663eda4dbdc5a4a0775554f3dbdf1b4c68714216c07058cffbb8aa9fc40cebc54a9a68ee77d3924119387e0a0c78c253b3ab10413bd4c

Download Submit
memory/708-7-0x0000000002200000-0x0000000002216000-memory.dmp

Filesize
88KB

Download
memory/708-22-0x000000007FE30000-0x000000007FE40000-memory.dmp

Filesize
64KB

Download
memory/708-21-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/708-29-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/708-23-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/708-20-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/708-19-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/708-18-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/708-17-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/708-14-0x0000000002220000-0x0000000002256000-memory.dmp

Filesize
216KB

Download