8262d81b7c6fda1d235b6a78c3e8fe185d474fad7d3091578eea6dbedae48640

Analysis

max time kernel
120s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05774a5c687f3584dedccabdc6479a7b.exe
Size

594KB
MD5

05774a5c687f3584dedccabdc6479a7b
SHA1

20cbd6fa2e76d7ea43f179b7e98bfeb2527d5291
SHA256

8262d81b7c6fda1d235b6a78c3e8fe185d474fad7d3091578eea6dbedae48640
SHA512

3f9c5ec24acfe4418935e3a7762c60f416ca676f5b8e0eda85815932b6e77c62f84c61a34fcefe385869592b64e1d6cf503bcaa5fff1a572a331e533ec10f822
SSDEEP

12288:Sp1ETtBYDb18RUWVPS1uAj2c2kV3fDTauExZUiliS/KuJ:SpwYDbd8PS16bkpDTa7liEKuJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2836	mms.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe	05774a5c687f3584dedccabdc6479a7b.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe	05774a5c687f3584dedccabdc6479a7b.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1300	05774a5c687f3584dedccabdc6479a7b.exe
Token: SeDebugPrivilege	2836	mms.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2836	mms.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2564	2836	mms.exe	29
PID 2836 wrote to memory of 2564	2836	mms.exe	29
PID 2836 wrote to memory of 2564	2836	mms.exe	29
PID 2836 wrote to memory of 2564	2836	mms.exe	29

C:\Users\Admin\AppData\Local\Temp\05774a5c687f3584dedccabdc6479a7b.exe
"C:\Users\Admin\AppData\Local\Temp\05774a5c687f3584dedccabdc6479a7b.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1300

C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe
"C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe

Filesize
461KB

MD5
978c0009b03def5593049c926acc25fd

SHA1
a46aacf00495a0b98ce69123aad40ee67de5dac4

SHA256
db1046b9731559840acae06116dde36f32687918b9697c19ccba6018cb75da71

SHA512
d00212d98917c2c9761035e45080eb4deb80ea2f2b803cde7d982e05214dc3af16021b7f483aeb6ace987306058b7c13b66e72dce5987d46618bdd460d59cee4

Download Submit
C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe

Filesize
406KB

MD5
b36be2eca6aee827d1ac95c782388c85

SHA1
7aaf2cdaf14f964d2d6f7075106b994776699045

SHA256
80af57f152c6926799766d74f7db2e4f1a826c77ea4792b8dd717465c4817182

SHA512
b2d7a3ae37a5bda24796dd5c388105de9b68bee3dd667cd996b1de8c832d4cfbc71603e1023bb6090641096f27765e75e141cd512dbf717e822d40eda1ccb512

Download Submit
memory/1300-0-0x0000000000400000-0x00000000005F1000-memory.dmp

Filesize
1.9MB

Download
memory/1300-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1300-2-0x0000000000330000-0x0000000000384000-memory.dmp

Filesize
336KB

Download
memory/1300-11-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/1300-12-0x0000000003310000-0x00000000033BF000-memory.dmp

Filesize
700KB

Download
memory/1300-10-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/1300-9-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/1300-8-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1300-7-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1300-6-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1300-5-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/1300-4-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/1300-3-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/1300-26-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-34-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-43-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-45-0x0000000000680000-0x0000000000685000-memory.dmp

Filesize
20KB

Download
memory/1300-44-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1300-42-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-41-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-40-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-39-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-38-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-37-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-36-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-35-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-33-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-32-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-31-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-30-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-29-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-28-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-27-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-25-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-24-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-23-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-22-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-21-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-20-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-19-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-18-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-15-0x0000000003310000-0x0000000003350000-memory.dmp

Filesize
256KB

Download
memory/1300-14-0x0000000003310000-0x00000000033BF000-memory.dmp

Filesize
700KB

Download
memory/1300-13-0x0000000003310000-0x00000000033BF000-memory.dmp

Filesize
700KB

Download
memory/2836-47-0x0000000000400000-0x00000000005F1000-memory.dmp

Filesize
1.9MB

Download
memory/2836-49-0x00000000031F0000-0x000000000329F000-memory.dmp

Filesize
700KB

Download
memory/2836-55-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-62-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-67-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-66-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-65-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-64-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-63-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-61-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-60-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-59-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-58-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-57-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-56-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-54-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-53-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-52-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-51-0x00000000031F0000-0x00000000032F0000-memory.dmp

Filesize
1024KB

Download
memory/2836-48-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download