000ca1cc7688a32beb371fdaa1e553979eb3ea20ac43e77b3bbd0f979c5001f1

Analysis

max time kernel
178s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08b9d99db62aa26223053dfdab574c6d.exe
Size

548KB
MD5

08b9d99db62aa26223053dfdab574c6d
SHA1

23455e1832dd483085c0fed8f7b48e8b5419d6e9
SHA256

000ca1cc7688a32beb371fdaa1e553979eb3ea20ac43e77b3bbd0f979c5001f1
SHA512

8df53462634b43335f390f3372837090b35286d6840387c795a450d14c43a5e9ab5a782288d43b2f011bf6303b4e2f29e974ca72582b5522617187002123bd83
SSDEEP

12288:3/8uXbKppS5x+bJYHv1v797oEu1c2obY7rbW7OJwjs45D0:P8uXISf+baHN7979MocHy7qqsmQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2192	Hacker.com.cn.ini

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.ini	08b9d99db62aa26223053dfdab574c6d.exe
File opened for modification	C:\Windows\Hacker.com.cn.ini	08b9d99db62aa26223053dfdab574c6d.exe
File created	C:\Windows\uninstal.bat	08b9d99db62aa26223053dfdab574c6d.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4796	08b9d99db62aa26223053dfdab574c6d.exe
Token: SeDebugPrivilege	2192	Hacker.com.cn.ini

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2192	Hacker.com.cn.ini

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3228	4796	08b9d99db62aa26223053dfdab574c6d.exe	94
PID 4796 wrote to memory of 3228	4796	08b9d99db62aa26223053dfdab574c6d.exe	94
PID 4796 wrote to memory of 3228	4796	08b9d99db62aa26223053dfdab574c6d.exe	94

C:\Users\Admin\AppData\Local\Temp\08b9d99db62aa26223053dfdab574c6d.exe
"C:\Users\Admin\AppData\Local\Temp\08b9d99db62aa26223053dfdab574c6d.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:3228

C:\Windows\Hacker.com.cn.ini
C:\Windows\Hacker.com.cn.ini
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.ini

Filesize
548KB

MD5
08b9d99db62aa26223053dfdab574c6d

SHA1
23455e1832dd483085c0fed8f7b48e8b5419d6e9

SHA256
000ca1cc7688a32beb371fdaa1e553979eb3ea20ac43e77b3bbd0f979c5001f1

SHA512
8df53462634b43335f390f3372837090b35286d6840387c795a450d14c43a5e9ab5a782288d43b2f011bf6303b4e2f29e974ca72582b5522617187002123bd83

Download Submit
C:\Windows\uninstal.bat

Filesize
190B

MD5
2c3c39492ea4f02c740299c1fc0466a0

SHA1
97e0b430b59feea31b1e744b8aeb0134c9327c8c

SHA256
52279cc365526049676a443518b77a71ff5a05481f6c88b7000099d7e63af754

SHA512
45aaecad77def8382e8cdd8921a13901f035827b2476259b431cecfd8e04e34c6b0483094e1e763d9bc557c34cc1db091b6b5afe60e46f6d1a4e9b65d7065238

Download Submit
memory/4796-0-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/4796-1-0x00000000022A0000-0x00000000022F0000-memory.dmp

Filesize
320KB

Download
memory/4796-2-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4796-4-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4796-3-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4796-10-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-9-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-15-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-45-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4796-63-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-62-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-61-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-60-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-59-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-58-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-57-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4796-56-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/4796-55-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/4796-54-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4796-52-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4796-53-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4796-51-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-50-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-49-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-48-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-47-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-46-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-44-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4796-43-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4796-42-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4796-41-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4796-40-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/4796-39-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4796-38-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/4796-37-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-36-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-35-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-34-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-33-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-32-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-31-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-30-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-29-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-28-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-27-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-26-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-25-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-24-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-23-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-22-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-21-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-20-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-19-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-18-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-17-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-16-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-14-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4796-13-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-12-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4796-11-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4796-8-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/4796-7-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4796-6-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4796-5-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4796-183-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/4796-184-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download