8262d81b7c6fda1d235b6a78c3e8fe185d474fad7d3091578eea6dbedae48640

Analysis

max time kernel
147s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05774a5c687f3584dedccabdc6479a7b.exe
Size

594KB
MD5

05774a5c687f3584dedccabdc6479a7b
SHA1

20cbd6fa2e76d7ea43f179b7e98bfeb2527d5291
SHA256

8262d81b7c6fda1d235b6a78c3e8fe185d474fad7d3091578eea6dbedae48640
SHA512

3f9c5ec24acfe4418935e3a7762c60f416ca676f5b8e0eda85815932b6e77c62f84c61a34fcefe385869592b64e1d6cf503bcaa5fff1a572a331e533ec10f822
SSDEEP

12288:Sp1ETtBYDb18RUWVPS1uAj2c2kV3fDTauExZUiliS/KuJ:SpwYDbd8PS16bkpDTa7liEKuJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2272	mms.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe	05774a5c687f3584dedccabdc6479a7b.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe	05774a5c687f3584dedccabdc6479a7b.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4060	05774a5c687f3584dedccabdc6479a7b.exe
Token: SeDebugPrivilege	2272	mms.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2272	mms.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 4252	2272	mms.exe	92
PID 2272 wrote to memory of 4252	2272	mms.exe	92

C:\Users\Admin\AppData\Local\Temp\05774a5c687f3584dedccabdc6479a7b.exe
"C:\Users\Admin\AppData\Local\Temp\05774a5c687f3584dedccabdc6479a7b.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4060

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
1⤵
PID:4252

C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe
"C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe

Filesize
297KB

MD5
8729c63b73165f0e14af594b0b28973e

SHA1
dc96b5211b248a494ffd3ddf702daea039b2ad53

SHA256
390853d4f51ecbfb0b1356cbada83d989f9135d0da70d5c24e0cc4a51c432130

SHA512
47bca44e5ed64ee0b7f6bee18e8270a37d35a9bf328dfd3258fb6092d475d1c3292380a3324df551535390b0b3d7bbba2b970963aa8055705e118c7383414a41

Download Submit
C:\Program Files (x86)\Internet Explorer\Connection Wizard\mms.exe

Filesize
303KB

MD5
f40f83b75b5034b2da050e52e19b5d49

SHA1
4940be039d69154c32e7452ab0042a150366adc3

SHA256
21aefc6be7ee5d8abda2ba000218f1c1881c197120a95385fc4e178886d3e154

SHA512
9175e561e2eb370b567c9e059ffef87bd7b185deda3c30ec506082faeea5f709cbb1848fbc2d6ca7ef132bac06775dd38b6b826b699bca5747356c6a621d1271

Download Submit
memory/2272-54-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-55-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-25-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-28-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-56-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-57-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-62-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-63-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-64-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-66-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-67-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-65-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-59-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-61-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-60-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-58-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-47-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-22-0x0000000000400000-0x00000000005F1000-memory.dmp

Filesize
1.9MB

Download
memory/2272-23-0x0000000000AF0000-0x0000000000B44000-memory.dmp

Filesize
336KB

Download
memory/2272-24-0x0000000002120000-0x00000000021CF000-memory.dmp

Filesize
700KB

Download
memory/2272-27-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-53-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-33-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-37-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-40-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-43-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-48-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-49-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-50-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-51-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-52-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-44-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-34-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-46-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-42-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-41-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-39-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-38-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-36-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-35-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-45-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-32-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/2272-30-0x0000000002120000-0x0000000002220000-memory.dmp

Filesize
1024KB

Download
memory/4060-8-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4060-6-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/4060-29-0x0000000000400000-0x00000000005F1000-memory.dmp

Filesize
1.9MB

Download
memory/4060-0-0x0000000000400000-0x00000000005F1000-memory.dmp

Filesize
1.9MB

Download
memory/4060-2-0x0000000000AC0000-0x0000000000B14000-memory.dmp

Filesize
336KB

Download
memory/4060-3-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4060-4-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/4060-5-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4060-9-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4060-31-0x0000000000AC0000-0x0000000000B14000-memory.dmp

Filesize
336KB

Download
memory/4060-12-0x0000000003470000-0x000000000351F000-memory.dmp

Filesize
700KB

Download
memory/4060-10-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4060-7-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4060-13-0x0000000003470000-0x000000000351F000-memory.dmp

Filesize
700KB

Download
memory/4060-14-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/4060-15-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/4060-16-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4060-19-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4060-26-0x0000000003470000-0x0000000003476000-memory.dmp

Filesize
24KB

Download
memory/4060-11-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4060-1-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download