312a7dbcfd308cf171cc09a223784106d61de979a2fecb88d437910c93accb43

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b59db903919345b77532576fdbddebe.exe
Size

43KB
MD5

0b59db903919345b77532576fdbddebe
SHA1

c4920e82b9e1262dcea87a22e912940fb9e48f0b
SHA256

312a7dbcfd308cf171cc09a223784106d61de979a2fecb88d437910c93accb43
SHA512

ff4231cf25ad22eedf43311a5ed8a8f03409b6cbf0f611a376ff0b209c11ce009b48c2be45b44e4ea042d6c5985f12020b2f3d0c740641e7ab654a0d5ac11ef3
SSDEEP

384:wDIjdDvu/HpZcFS5JAj3okPRdDa6mr4sPzzB3:ws5C/JZ0STO3lpcIqB3

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1864	0b59db903919345b77532576fdbddebe.exe
1864	0b59db903919345b77532576fdbddebe.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1864	0b59db903919345b77532576fdbddebe.exe

C:\Users\Admin\AppData\Local\Temp\0b59db903919345b77532576fdbddebe.exe
"C:\Users\Admin\AppData\Local\Temp\0b59db903919345b77532576fdbddebe.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~!#21D8.tmp

Filesize
29KB

MD5
d36f45bff05a44213e18434580ca01cb

SHA1
a0bc828cd1f4006f320e13b09a1fdd7892ad671e

SHA256
9c0ac03723686c4ca9b5a26fcc26419d5cd6bc2507fdedee26fb54f47650c6bc

SHA512
ea46dd4a8c68066a2d2dffcc6c0ca2efe96e6cb3adf434f14d835bf1f0b7ec893b92b568c0689ad2a2b20c2f3de69dbe3d79e150b28fa8c4570df9f835b04098

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#29F7.tmp

Filesize
5KB

MD5
2120ed062db970fc35e99385d3a60d5f

SHA1
0a18f4012c0de7bb5a5376bdb5978ee71529879a

SHA256
61901479184f5c7e03d595397ade20033809ca31a3ac8b8570cdf9df3f7b05c6

SHA512
ac5e3f763b78edb3d58562d0387ec86a73074bf70fcfcfd6572c680fcef93e0e501ce09089dc588e38890ea1cf0f8ccde76e340267186b61fe31b7a9ca1f3c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#47E9.tmp

Filesize
11KB

MD5
4cc04d79fa1893dc60e7c1b3df05894a

SHA1
1bcc75c0ce5181527129ace000a694fc4f0bba75

SHA256
2cae27eda1ffbf9c0edddd265308f6be76a1a0c4b1b0627de50c270ed8fbaa3b

SHA512
d5d6a4518f5f9047576b701b40bce14a2bbb6c936067b356d0b3d54249a24280d47c63c61a5f47423718fd12e3f8e9aba1763cde7db8ef964849bea61cac11a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#88AD.tmp

Filesize
10KB

MD5
f21718ea13d285581e53f170721e9967

SHA1
f8c1652180fd1d61a1516e2cd5b5bb9fe5e75e8b

SHA256
9bd4512a5484d7ebdd61e79f996675df309489f8a06612457c12b2c689282cb6

SHA512
9a8e7fbb3add0e46d8a7577f3f92ecbe2b51f9d8ad65dfda554ec005d56472f1255230add3717d43708ba5861918446acc8f643ec2370b65b93260f80987a1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#8979.tmp

Filesize
11KB

MD5
9af61b81ba4a8e60cdc819d755e710a2

SHA1
fd0b21e838e5ee061609c54dbf904ebf7a520d50

SHA256
a27791f0305a620e92dbf7d65bafb05c8b907cf90c9c0903768929a8e2358b77

SHA512
4107202cf882c13cd0cb4ca8a0f0e4f46bf3e64cfa066f092fb7b6faa544f63b75d4e5cdef963d0c183cc46e300cec10ffa390d98b5a97715704f8c4c001c280

Download Submit
memory/1864-0-0x00000000009C0000-0x00000000009C2000-memory.dmp

Filesize
8KB

Download
memory/1864-39-0x00000000009C0000-0x00000000009C2000-memory.dmp

Filesize
8KB

Download