bfaae5e8d87dcd19887a40da0f957307e3fdd28b4bdde209b2a9169fad27a036

Analysis

max time kernel
144s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06e5a70d3fe9a8a69ae0472fffa1c7f4.exe
Size

696KB
MD5

06e5a70d3fe9a8a69ae0472fffa1c7f4
SHA1

b6f70c4a52b931dc98a83d1b64eeed7990615c8e
SHA256

bfaae5e8d87dcd19887a40da0f957307e3fdd28b4bdde209b2a9169fad27a036
SHA512

66d545299d6e9a6f746b4a807ec9a1c29af4e23d080bc2f04db42016e792b82d96df042773295f08fec0d9418d6a8a42fc5c1c3ae22cdfaceee6000a39613894
SSDEEP

12288:N5Vds1XLNbXj8mT9mpDelxXmmHzytzp4OF3Z4mxxNsB6RodXClGJwNepd++:NM5b9lmUzytzaOQmXNVEeGJw6

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
772	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2588	Hacker.com.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe
File created	C:\Windows\Hacker.com.cn.exe	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe
Token: SeDebugPrivilege	2588	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2588	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 2620	2588	Hacker.com.cn.exe	29
PID 2588 wrote to memory of 2620	2588	Hacker.com.cn.exe	29
PID 2588 wrote to memory of 2620	2588	Hacker.com.cn.exe	29
PID 2588 wrote to memory of 2620	2588	Hacker.com.cn.exe	29
PID 3000 wrote to memory of 772	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe	30
PID 3000 wrote to memory of 772	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe	30
PID 3000 wrote to memory of 772	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe	30
PID 3000 wrote to memory of 772	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe	30
PID 3000 wrote to memory of 772	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe	30
PID 3000 wrote to memory of 772	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe	30
PID 3000 wrote to memory of 772	3000	06e5a70d3fe9a8a69ae0472fffa1c7f4.exe	30

C:\Users\Admin\AppData\Local\Temp\06e5a70d3fe9a8a69ae0472fffa1c7f4.exe
"C:\Users\Admin\AppData\Local\Temp\06e5a70d3fe9a8a69ae0472fffa1c7f4.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.bat
  2⤵
  - Deletes itself
  PID:772

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
696KB

MD5
06e5a70d3fe9a8a69ae0472fffa1c7f4

SHA1
b6f70c4a52b931dc98a83d1b64eeed7990615c8e

SHA256
bfaae5e8d87dcd19887a40da0f957307e3fdd28b4bdde209b2a9169fad27a036

SHA512
66d545299d6e9a6f746b4a807ec9a1c29af4e23d080bc2f04db42016e792b82d96df042773295f08fec0d9418d6a8a42fc5c1c3ae22cdfaceee6000a39613894

Download Submit
C:\Windows\uninstal.bat

Filesize
190B

MD5
0245de87c49c743dc3015ece6dee87ba

SHA1
d29d6841388e8617729130dd7a3a51917a63aa99

SHA256
a58aebd71a578187aa6c20089e0d07a2c80b4625a2380af6a086f7ff375e3b66

SHA512
1ba04f17219336407f8272aba441f11c3ebc33d42256da3464a1a8e5c8d46ca8f46faf66516389989d9ad5175648b2306d51c64eb211b2f81956c6167bb498cf

Download Submit
memory/2588-231-0x0000000000400000-0x000000000057D000-memory.dmp

Filesize
1.5MB

Download
memory/2588-232-0x0000000000400000-0x000000000057D000-memory.dmp

Filesize
1.5MB

Download
memory/2588-294-0x0000000000400000-0x000000000057D000-memory.dmp

Filesize
1.5MB

Download
memory/3000-31-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/3000-35-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-2-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/3000-4-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/3000-12-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-11-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-10-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/3000-9-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/3000-8-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3000-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/3000-3-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/3000-13-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-14-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-16-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/3000-15-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-18-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/3000-17-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/3000-19-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/3000-20-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/3000-21-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/3000-22-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3000-23-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/3000-24-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/3000-25-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/3000-26-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/3000-27-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/3000-28-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/3000-29-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/3000-30-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/3000-0-0x0000000000400000-0x000000000057D000-memory.dmp

Filesize
1.5MB

Download
memory/3000-32-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-33-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-1-0x0000000000330000-0x0000000000384000-memory.dmp

Filesize
336KB

Download
memory/3000-36-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-34-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-38-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-37-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-39-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-40-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-41-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-42-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-44-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-43-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-45-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-46-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-48-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-47-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-49-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-50-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-51-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-52-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-53-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-54-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-55-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-56-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-57-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-58-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-59-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-60-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-61-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-62-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-63-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-64-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-65-0x0000000003290000-0x00000000032D0000-memory.dmp

Filesize
256KB

Download
memory/3000-228-0x0000000000400000-0x000000000057D000-memory.dmp

Filesize
1.5MB

Download