Overview

overview

7

Static

static

3

0bd38c69ae...d4.exe

windows7-x64

7

0bd38c69ae...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bd38c69ae4763dd44dc40cb982170d4.exe

  • Size

    305KB

  • MD5

    0bd38c69ae4763dd44dc40cb982170d4

  • SHA1

    99edf989e39a87b289b8200f2d123f223fada294

  • SHA256

    18cd8e5fb03291f1b7ab6f96cf446be56d8a06bd3a9e20c91c371a1608f3144a

  • SHA512

    3baae20b017aedd6f36eed917a676672274028ebfb106445316e4775137a1de8205436944aee57527b6317e303a66cb40f4104658bb579255715de8687e52ce3

  • SSDEEP

    6144:B0xLhFosRvIISKjI/NDdFqNOwoFf7DkeQ14xc+MTs:oUMS2GNDko57DU1YQT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bd38c69ae4763dd44dc40cb982170d4.exe
    "C:\Users\Admin\AppData\Local\Temp\0bd38c69ae4763dd44dc40cb982170d4.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:908
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
      2⤵
        PID:2112
    • C:\Windows\SysWOW64\Com\comv
      C:\Windows\SysWOW64\Com\comv
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4464

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Delete.bat
      Filesize

      186B

      MD5

      9564e1201016e1c0b3cd3b49f3efc30b

      SHA1

      cfb2a3f2f1c3dbae53c710a3d46047123b5d4aac

      SHA256

      f525def4f5c814143bee49e10faf792737a11ac622d05cf16633261996b8eb07

      SHA512

      73a50640a2b43baabaabcfaf268b957eaabea52b0b710d111672f6e49d7cbf849500801ef25fff496183fd4d075c8ee2844c2f570b6bf496c837f67d77d53ed5

      Download Submit

    • C:\Windows\SysWOW64\Com\comv
      Filesize

      305KB

      MD5

      0bd38c69ae4763dd44dc40cb982170d4

      SHA1

      99edf989e39a87b289b8200f2d123f223fada294

      SHA256

      18cd8e5fb03291f1b7ab6f96cf446be56d8a06bd3a9e20c91c371a1608f3144a

      SHA512

      3baae20b017aedd6f36eed917a676672274028ebfb106445316e4775137a1de8205436944aee57527b6317e303a66cb40f4104658bb579255715de8687e52ce3

      Download Submit

    • memory/908-0-0x00000000009A0000-0x00000000009A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4464-5-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

      Filesize

      4KB

      Download