1785763263ce7db051dd49855a756da20ed9d9d25f62215fd383460aaf98e665

Analysis

max time kernel
180s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b20b738554bb4278c3cd051bbee9343.exe
Size

669KB
MD5

0b20b738554bb4278c3cd051bbee9343
SHA1

bf4282db33611719203e18bdd31d54821d57b967
SHA256

1785763263ce7db051dd49855a756da20ed9d9d25f62215fd383460aaf98e665
SHA512

6a03b5b3998d138044186665ca2f0e393ed53f21244745b3e891192660e47256a4240205a2980a53a5fa738ed65237ce4626ffc437c2c536584c172f417b0683
SSDEEP

12288:lcMQfeS+Eln95O5m8fPrdHFRRwlkVxENYWo1F3Z4mxxxEO6YPXTF8ews7:lpw/+q95O5m2tzGlMEqWcQmXxh6YPXTP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1660	Hacker.com.cn.exe

Loads dropped DLL 4 IoCs

pid	Process
1660	Hacker.com.cn.exe
1660	Hacker.com.cn.exe
1660	Hacker.com.cn.exe
1660	Hacker.com.cn.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	0b20b738554bb4278c3cd051bbee9343.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	0b20b738554bb4278c3cd051bbee9343.exe
File created	C:\Windows\VIUTOG.DAT	0b20b738554bb4278c3cd051bbee9343.exe
File created	C:\Windows\VQYIOQ.DAT	0b20b738554bb4278c3cd051bbee9343.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	784	0b20b738554bb4278c3cd051bbee9343.exe
Token: SeDebugPrivilege	1660	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	Hacker.com.cn.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1660	Hacker.com.cn.exe
1660	Hacker.com.cn.exe
1660	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1876	1660	Hacker.com.cn.exe	94
PID 1660 wrote to memory of 1876	1660	Hacker.com.cn.exe	94

C:\Users\Admin\AppData\Local\Temp\0b20b738554bb4278c3cd051bbee9343.exe
"C:\Users\Admin\AppData\Local\Temp\0b20b738554bb4278c3cd051bbee9343.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:784

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
669KB

MD5
0b20b738554bb4278c3cd051bbee9343

SHA1
bf4282db33611719203e18bdd31d54821d57b967

SHA256
1785763263ce7db051dd49855a756da20ed9d9d25f62215fd383460aaf98e665

SHA512
6a03b5b3998d138044186665ca2f0e393ed53f21244745b3e891192660e47256a4240205a2980a53a5fa738ed65237ce4626ffc437c2c536584c172f417b0683

Download Submit
C:\Windows\VIUTOG.DAT

Filesize
51KB

MD5
d58f992c53515c9f1fb9394a46f4cb48

SHA1
1f9909d227b93be10328e0abc64052da984657ba

SHA256
50c6b8848b0a9cf6a6b579928dc6e5c75cf7564c19bb7b40d86ba9d360ebb040

SHA512
3a87c279fbbbaff2bfe791c523716ad092c41099b8914ba369565014502d408084259d4efe6896d785c024935b181ca34cf49e3b79f3f1a89ee1c9d775635d94

Download Submit
C:\Windows\VQYIOQ.DAT

Filesize
55KB

MD5
6853cba3ccc11699c2d840f41c10393f

SHA1
80a430dcc2cb34b05d433f0f63b8ef8a6a09bbe3

SHA256
0bcf3f4ff7862cd885003b8ecc4d424a2fd418fd64412ffe95a9c4221cc3de59

SHA512
a02fef8b7c721459fa6f081a1208bf8dd84d957663b4d711b9f6f1731deedf977e5a391ec7481797da7a594c3dd133e84865133855dcdbe6da2128887270114c

Download Submit
memory/784-15-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/784-5-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/784-11-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/784-13-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/784-12-0x0000000003520000-0x0000000003523000-memory.dmp

Filesize
12KB

Download
memory/784-10-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/784-16-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/784-0-0x0000000000400000-0x0000000000535000-memory.dmp

Filesize
1.2MB

Download
memory/784-14-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/784-19-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/784-23-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/784-22-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/784-9-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/784-8-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/784-7-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/784-6-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/784-46-0x00000000023B0000-0x0000000002404000-memory.dmp

Filesize
336KB

Download
memory/784-3-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/784-4-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/784-45-0x0000000000400000-0x0000000000535000-memory.dmp

Filesize
1.2MB

Download
memory/784-1-0x00000000023B0000-0x0000000002404000-memory.dmp

Filesize
336KB

Download
memory/784-2-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1660-32-0x0000000002D60000-0x0000000002D72000-memory.dmp

Filesize
72KB

Download
memory/1660-35-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/1660-38-0x0000000002E80000-0x0000000002E93000-memory.dmp

Filesize
76KB

Download
memory/1660-39-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/1660-44-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/1660-43-0x0000000000EF0000-0x0000000000F44000-memory.dmp

Filesize
336KB

Download
memory/1660-42-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/1660-40-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/1660-33-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/1660-26-0x0000000000400000-0x0000000000535000-memory.dmp

Filesize
1.2MB

Download
memory/1660-41-0x0000000001200000-0x0000000001201000-memory.dmp

Filesize
4KB

Download
memory/1660-27-0x0000000002090000-0x0000000002190000-memory.dmp

Filesize
1024KB

Download
memory/1660-28-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/1660-47-0x0000000002D60000-0x0000000002D72000-memory.dmp

Filesize
72KB

Download
memory/1660-48-0x0000000002E80000-0x0000000002E93000-memory.dmp

Filesize
76KB

Download
memory/1660-49-0x0000000000400000-0x0000000000535000-memory.dmp

Filesize
1.2MB

Download
memory/1660-50-0x0000000002090000-0x0000000002190000-memory.dmp

Filesize
1024KB

Download