c341dd5eb1bd242ece8a5f5a16884bf8c668a1e240beb8528fe69ba19102dfd0

Analysis

max time kernel
143s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09fd6825f63146c189c1d71d7fc1fc59.exe
Size

494KB
MD5

09fd6825f63146c189c1d71d7fc1fc59
SHA1

7fece991077081495925c78f9c01bd70aab5e5b9
SHA256

c341dd5eb1bd242ece8a5f5a16884bf8c668a1e240beb8528fe69ba19102dfd0
SHA512

15c5161ac384a18cc0cada0f049e985736d168df579f431f7bf9b5b846e97dcf4bcee0f9dfa38c17f674ab4623a9a23c6d029046313ad78696e31c28fc08a265
SSDEEP

12288:i1Ra1rN4wopVauKAxZkhwryINtTirdorv3:iDrp4XAx+hwrywTEdo7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4888	EntSver.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\EntSver.exe	09fd6825f63146c189c1d71d7fc1fc59.exe
File opened for modification	C:\Windows\EntSver.exe	09fd6825f63146c189c1d71d7fc1fc59.exe
File created	C:\Windows\GUOCYOKl.BAT	09fd6825f63146c189c1d71d7fc1fc59.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2904	09fd6825f63146c189c1d71d7fc1fc59.exe
Token: SeDebugPrivilege	4888	EntSver.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4888	EntSver.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 2684	4888	EntSver.exe	18
PID 4888 wrote to memory of 2684	4888	EntSver.exe	18
PID 2904 wrote to memory of 3992	2904	09fd6825f63146c189c1d71d7fc1fc59.exe	22
PID 2904 wrote to memory of 3992	2904	09fd6825f63146c189c1d71d7fc1fc59.exe	22
PID 2904 wrote to memory of 3992	2904	09fd6825f63146c189c1d71d7fc1fc59.exe	22

C:\Users\Admin\AppData\Local\Temp\09fd6825f63146c189c1d71d7fc1fc59.exe
"C:\Users\Admin\AppData\Local\Temp\09fd6825f63146c189c1d71d7fc1fc59.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\GUOCYOKl.BAT
  2⤵
  PID:3992

C:\Windows\EntSver.exe
C:\Windows\EntSver.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2904-0-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2904-1-0x0000000000B20000-0x0000000000B63000-memory.dmp

Filesize
268KB

Download
memory/2904-4-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/2904-60-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/2904-65-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/2904-64-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/2904-62-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/2904-63-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/2904-61-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/2904-59-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2904-58-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/2904-57-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/2904-56-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/2904-55-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/2904-54-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/2904-53-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/2904-52-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/2904-51-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/2904-50-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/2904-49-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2904-48-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2904-47-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2904-46-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2904-45-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2904-44-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/2904-43-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/2904-42-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/2904-41-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/2904-40-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2904-39-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/2904-38-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/2904-37-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/2904-36-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2904-35-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/2904-34-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2904-33-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2904-32-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2904-31-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/2904-30-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/2904-29-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/2904-28-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2904-27-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/2904-26-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2904-25-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2904-24-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2904-23-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2904-22-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/2904-21-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2904-20-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2904-19-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2904-18-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2904-17-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2904-16-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2904-15-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2904-14-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2904-13-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2904-12-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2904-11-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2904-10-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2904-9-0x0000000002520000-0x0000000002523000-memory.dmp

Filesize
12KB

Download
memory/2904-5-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2904-6-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2904-2-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/2904-146-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2904-3-0x0000000000B70000-0x0000000000B71000-memory.dmp

Filesize
4KB

Download