75ddb6531734dac744769578fb12c7be3a37a090716a14676122ecccc19328d6

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06eac92f6b9f34702c3d3bd2bd9555e7.exe
Size

494KB
MD5

06eac92f6b9f34702c3d3bd2bd9555e7
SHA1

390bc1b081fcc49ec8b4f5839f7b289e582027c8
SHA256

75ddb6531734dac744769578fb12c7be3a37a090716a14676122ecccc19328d6
SHA512

125b3c361c2d89bb6eaa5c95ee822268612c0d85341667a9ff53df18451723f995f4445c498da94f7521125a6cfb852f5ffd8c1efc933b9e3f607ba1c4f053c1
SSDEEP

6144:8ujkkw+rbv1L7AESgXqvbvewud9Tsh+xpYT7diMRVg6D098gWNlPTGQQm6agrdo9:8F+/B/Sxz2vpm7diMRaCNtTirdorJ/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
872	lsass.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\lsass.exe	06eac92f6b9f34702c3d3bd2bd9555e7.exe
File opened for modification	C:\Windows\lsass.exe	06eac92f6b9f34702c3d3bd2bd9555e7.exe
File created	C:\Windows\GUOCYOKl.BAT	06eac92f6b9f34702c3d3bd2bd9555e7.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4972	06eac92f6b9f34702c3d3bd2bd9555e7.exe
Token: SeDebugPrivilege	872	lsass.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
872	lsass.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 756	872	lsass.exe	91
PID 872 wrote to memory of 756	872	lsass.exe	91
PID 4972 wrote to memory of 2916	4972	06eac92f6b9f34702c3d3bd2bd9555e7.exe	93
PID 4972 wrote to memory of 2916	4972	06eac92f6b9f34702c3d3bd2bd9555e7.exe	93
PID 4972 wrote to memory of 2916	4972	06eac92f6b9f34702c3d3bd2bd9555e7.exe	93

C:\Users\Admin\AppData\Local\Temp\06eac92f6b9f34702c3d3bd2bd9555e7.exe
"C:\Users\Admin\AppData\Local\Temp\06eac92f6b9f34702c3d3bd2bd9555e7.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\GUOCYOKl.BAT
  2⤵
  PID:2916

C:\Windows\lsass.exe
C:\Windows\lsass.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\GUOCYOKl.BAT

Filesize
190B

MD5
ab9f8730fb7978ce94492d8742768bf6

SHA1
ded0cb25917cd1f1284db02e0bce3c7211940ed0

SHA256
ee9e04a6572fb097d47b891c7633905cd9f7fa9c4625b122ead53ace7805e162

SHA512
236d3e6fad440585e850a61e9ee356224f5fa5d7f25398742bc87dd71573a473d983fc89790c96ba87a32f64ce2d70785aba626fbeca7ad53d61e2b5078bc924

Download Submit
C:\Windows\lsass.exe

Filesize
494KB

MD5
06eac92f6b9f34702c3d3bd2bd9555e7

SHA1
390bc1b081fcc49ec8b4f5839f7b289e582027c8

SHA256
75ddb6531734dac744769578fb12c7be3a37a090716a14676122ecccc19328d6

SHA512
125b3c361c2d89bb6eaa5c95ee822268612c0d85341667a9ff53df18451723f995f4445c498da94f7521125a6cfb852f5ffd8c1efc933b9e3f607ba1c4f053c1

Download Submit
memory/4972-0-0x0000000000400000-0x00000000004F4200-memory.dmp

Filesize
976KB

Download
memory/4972-1-0x0000000000830000-0x0000000000873000-memory.dmp

Filesize
268KB

Download
memory/4972-4-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/4972-5-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/4972-6-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4972-7-0x0000000002520000-0x0000000002523000-memory.dmp

Filesize
12KB

Download
memory/4972-3-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/4972-2-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/4972-10-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4972-9-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4972-11-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4972-16-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4972-17-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4972-22-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/4972-23-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/4972-27-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4972-26-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/4972-28-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/4972-29-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/4972-42-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/4972-41-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/4972-46-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/4972-44-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4972-45-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/4972-47-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/4972-43-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/4972-48-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/4972-49-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/4972-57-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/4972-65-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/4972-64-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/4972-63-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/4972-62-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/4972-61-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/4972-60-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/4972-59-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/4972-58-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/4972-56-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/4972-55-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/4972-54-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/4972-53-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/4972-52-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/4972-40-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/4972-39-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/4972-38-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/4972-37-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/4972-36-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4972-35-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/4972-34-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/4972-33-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/4972-32-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/4972-30-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/4972-31-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/4972-25-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/4972-24-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/4972-21-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/4972-20-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/4972-19-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/4972-18-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/4972-15-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4972-14-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4972-13-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4972-12-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4972-8-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4972-148-0x0000000000400000-0x00000000004F4200-memory.dmp

Filesize
976KB

Download