1e4fe73766ed76e4cbbac0d559b0b55f3c6957746a7bb93ae8daeda05706341f

Analysis

max time kernel
174s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01f90b6680e5f07ea60cb7a1facd2257.exe
Size

637KB
MD5

01f90b6680e5f07ea60cb7a1facd2257
SHA1

2181e83ba013ae6f57791ecd3f6c292a5fc2509f
SHA256

1e4fe73766ed76e4cbbac0d559b0b55f3c6957746a7bb93ae8daeda05706341f
SHA512

c9071874d904c83ad147961c611e5df5999d3e89597e21669a41b7c630dc41db38b0f1ac3af18f1c33db62b65b211efe8cacdf8943e2eddba3e62c1da8bf3000
SSDEEP

12288:osO5OtdEZBwT6qttAPEnGOCTha6vS0c9ZsD0B3sTq2WNl3y:oVQSjwvtwov16vS0cvM0B3yq2WTy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2608	sxe21ED.tmp
388	WebSafe.ini

Loads dropped DLL 2 IoCs

pid	Process
1080	01f90b6680e5f07ea60cb7a1facd2257.exe
1080	01f90b6680e5f07ea60cb7a1facd2257.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WebSafe.ini	sxe21ED.tmp
File opened for modification	C:\Windows\SysWOW64\WebSafe.ini	sxe21ED.tmp
File opened for modification	C:\Windows\SysWOW64\WebSafe.ini	WebSafe.ini

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	sxe21ED.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2608	sxe21ED.tmp
Token: SeDebugPrivilege	388	WebSafe.ini

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 2608	1080	01f90b6680e5f07ea60cb7a1facd2257.exe	93
PID 1080 wrote to memory of 2608	1080	01f90b6680e5f07ea60cb7a1facd2257.exe	93
PID 1080 wrote to memory of 2608	1080	01f90b6680e5f07ea60cb7a1facd2257.exe	93
PID 2608 wrote to memory of 2144	2608	sxe21ED.tmp	98
PID 2608 wrote to memory of 2144	2608	sxe21ED.tmp	98
PID 2608 wrote to memory of 2144	2608	sxe21ED.tmp	98

C:\Users\Admin\AppData\Local\Temp\01f90b6680e5f07ea60cb7a1facd2257.exe
"C:\Users\Admin\AppData\Local\Temp\01f90b6680e5f07ea60cb7a1facd2257.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Users\Admin\AppData\Local\Temp\sxe21ED.tmp
  "C:\Users\Admin\AppData\Local\Temp\sxe21ED.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
    3⤵
    PID:2144

C:\Windows\SysWOW64\WebSafe.ini
C:\Windows\SysWOW64\WebSafe.ini
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sxe2110.tmp

Filesize
15KB

MD5
bd815b61f9948f93aface4033fbb4423

SHA1
b5391484009b39053fc8b1bba63d444969bafcfa

SHA256
b018bf9e9f8b6d945e6a2a25984970634884afabc580af2b4e855730520d5d76

SHA512
a363abe97b5a44e5d36af859e8d484daffe1d8e321c87969a75d1bfaa4288a5e6be1922a02c6d72937c84e81a79a1c7f6c9f2a44a995cac3f993ed5608afcd71

Download Submit
C:\Users\Admin\AppData\Local\Temp\sxe21ED.tmp

Filesize
637KB

MD5
6833da160cda68c24e584aabd784f218

SHA1
598908df0a14c93eda637acc0c53a01e19dbc079

SHA256
62957dc61d9dae6f672e8301553ac7cd9b0a8533276aeadfbc6f2292951e0cdd

SHA512
e709e73d6bc76fdabd1574ba5c88108b423c7c2bf62d9bbe1011ae2566953baba0c6a59fa34102f84cd9b965425f03fbffd00cc03edb417eb319b8905c83641f

Download Submit
C:\Windows\SysWOW64\WebSafe.ini

Filesize
512KB

MD5
6b2a2941d4dc1e21f1674e4bc07f7a58

SHA1
6254ff9f8d13e76addb10cfa36e142a7f69c408d

SHA256
6658347634e4344dc92d6c0a6db7b4a04b3240f97d12c247200e6fe185d493e9

SHA512
a75cbfc529002e29317734eebb8ecb2f969a161aa47e5ac5dc28a1eece2dbfd8b17eeb6b9a4e43136e97fc3da865eef089a30f25eb95254f3f47bf642cdbd230

Download Submit
C:\Windows\SysWOW64\WebSafe.ini

Filesize
64KB

MD5
38a66339eae656d42c29e0869d94a70f

SHA1
8a0e1066dd20afdd5a7d2da30bffbf989b59180f

SHA256
e77fcf262e648e5ea3a9184beb9e97fbe866926d35746c97f2341dafab2d975d

SHA512
aef31b14fb54141820a68534d52f019ffcb73eff0e380db40985ee9d97bee668293f9bd60e3d5b62d4203fca00599ee8045658ebf76ecaac46d6b10f07af0621

Download Submit
C:\Windows\uninstal.bat

Filesize
140B

MD5
f4b1f19949dbe3821ca6216591b0d240

SHA1
6e815f5cddaab7599c3aab70aabf7d2aa3535c08

SHA256
29c80d09f08957f8f8304c57fd957bc4181f990d72587930616203470ba300ee

SHA512
33b13916db9df43359275c2b37409a63ae7958a587f29363da5649d6ea09cbcc1b5bb0a223b3a4cbcddc13812d25cc650d9256b5e18837ba1e153b84e5b39571

Download Submit
memory/388-152-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/388-147-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/1080-0-0x0000000000400000-0x0000000000541000-memory.dmp

Filesize
1.3MB

Download
memory/1080-1-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1080-18-0x0000000000400000-0x0000000000541000-memory.dmp

Filesize
1.3MB

Download
memory/2608-66-0x0000000003950000-0x0000000003951000-memory.dmp

Filesize
4KB

Download
memory/2608-61-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/2608-23-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2608-22-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2608-24-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2608-25-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2608-32-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/2608-31-0x0000000003500000-0x0000000003503000-memory.dmp

Filesize
12KB

Download
memory/2608-30-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/2608-29-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2608-26-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2608-48-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/2608-56-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/2608-73-0x00000000039F0000-0x00000000039F1000-memory.dmp

Filesize
4KB

Download
memory/2608-74-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download
memory/2608-72-0x00000000039C0000-0x00000000039C1000-memory.dmp

Filesize
4KB

Download
memory/2608-76-0x0000000003A30000-0x0000000003A31000-memory.dmp

Filesize
4KB

Download
memory/2608-79-0x0000000003D80000-0x0000000003D81000-memory.dmp

Filesize
4KB

Download
memory/2608-78-0x0000000003D90000-0x0000000003D91000-memory.dmp

Filesize
4KB

Download
memory/2608-77-0x0000000003A20000-0x0000000003A21000-memory.dmp

Filesize
4KB

Download
memory/2608-75-0x0000000003A00000-0x0000000003A01000-memory.dmp

Filesize
4KB

Download
memory/2608-71-0x00000000039D0000-0x00000000039D1000-memory.dmp

Filesize
4KB

Download
memory/2608-70-0x00000000039A0000-0x00000000039A1000-memory.dmp

Filesize
4KB

Download
memory/2608-69-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/2608-68-0x0000000003980000-0x0000000003981000-memory.dmp

Filesize
4KB

Download
memory/2608-67-0x0000000003990000-0x0000000003991000-memory.dmp

Filesize
4KB

Download
memory/2608-20-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2608-65-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/2608-64-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/2608-63-0x00000000037E0000-0x00000000037E1000-memory.dmp

Filesize
4KB

Download
memory/2608-62-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/2608-21-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2608-60-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/2608-59-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/2608-58-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/2608-57-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/2608-55-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/2608-54-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/2608-53-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/2608-52-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/2608-51-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/2608-50-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/2608-49-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/2608-47-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2608-46-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/2608-45-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/2608-44-0x0000000003590000-0x0000000003591000-memory.dmp

Filesize
4KB

Download
memory/2608-43-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/2608-42-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/2608-41-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/2608-40-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/2608-39-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/2608-38-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/2608-37-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/2608-36-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2608-35-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2608-34-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2608-33-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/2608-106-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2608-112-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2608-19-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2608-17-0x0000000002320000-0x0000000002374000-memory.dmp

Filesize
336KB

Download
memory/2608-160-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2608-15-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download