5334219837264e564ab36dc45dc2ed810e6c2a7457be1a90d22d5eae99e1adf9

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e9d6d3583a4fd55b0994c0820314660.exe
Size

444KB
MD5

0e9d6d3583a4fd55b0994c0820314660
SHA1

bc42dba7727415aa96484390defe2b5ecac9d5f5
SHA256

5334219837264e564ab36dc45dc2ed810e6c2a7457be1a90d22d5eae99e1adf9
SHA512

434dc36ffb45ee3950c76d52c8cfbe8de8673a03d232bbf1378f326f2665654674f38ae397855fe79821d4dcd446afe2e573baab4a6ddfa81f2a4998ffeade95
SSDEEP

12288:k9ett4w0flrnjErt2HD2LAgmWxKIPJGj96:k9ettd0fsxbCIBGp6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1640	SverDLL.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SverDLL.exe	0e9d6d3583a4fd55b0994c0820314660.exe
File opened for modification	C:\Windows\SysWOW64\SverDLL.exe	0e9d6d3583a4fd55b0994c0820314660.exe
File opened for modification	C:\Windows\SysWOW64\SverDLL.exe	SverDLL.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\GUOCYOKl.BAT	0e9d6d3583a4fd55b0994c0820314660.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4596	0e9d6d3583a4fd55b0994c0820314660.exe
Token: SeDebugPrivilege	1640	SverDLL.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 1284	4596	0e9d6d3583a4fd55b0994c0820314660.exe	94
PID 4596 wrote to memory of 1284	4596	0e9d6d3583a4fd55b0994c0820314660.exe	94
PID 4596 wrote to memory of 1284	4596	0e9d6d3583a4fd55b0994c0820314660.exe	94

C:\Users\Admin\AppData\Local\Temp\0e9d6d3583a4fd55b0994c0820314660.exe
"C:\Users\Admin\AppData\Local\Temp\0e9d6d3583a4fd55b0994c0820314660.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\GUOCYOKl.BAT
  2⤵
  PID:1284

C:\Windows\SysWOW64\SverDLL.exe
C:\Windows\SysWOW64\SverDLL.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\GUOCYOKl.BAT

Filesize
190B

MD5
c271b57cdf2efdf373f2cf5afcb106b3

SHA1
1559ddc5e97efbb57909b91b91cf619a2a86296b

SHA256
1eefdc4b47a2bab39d6056913191b127b6b9f88432a49acf0e99897bbc447dcd

SHA512
6732d2312cc866361b07e9fb044452ae2d5cb7e30c9484861e10f3506f9bb7f41cd3664f52b5acb8c985da26dce19232ef59f991b1e65b15457be0c7762c70e1

Download Submit
C:\Windows\SysWOW64\SverDLL.exe

Filesize
444KB

MD5
0e9d6d3583a4fd55b0994c0820314660

SHA1
bc42dba7727415aa96484390defe2b5ecac9d5f5

SHA256
5334219837264e564ab36dc45dc2ed810e6c2a7457be1a90d22d5eae99e1adf9

SHA512
434dc36ffb45ee3950c76d52c8cfbe8de8673a03d232bbf1378f326f2665654674f38ae397855fe79821d4dcd446afe2e573baab4a6ddfa81f2a4998ffeade95

Download Submit
memory/4596-0-0x0000000000400000-0x0000000000566000-memory.dmp

Filesize
1.4MB

Download
memory/4596-1-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/4596-3-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4596-54-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/4596-53-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/4596-52-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/4596-55-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/4596-65-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/4596-64-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/4596-63-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/4596-60-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4596-59-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/4596-58-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4596-57-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/4596-56-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/4596-50-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/4596-51-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/4596-49-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/4596-48-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/4596-47-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/4596-46-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/4596-45-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/4596-44-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/4596-43-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/4596-42-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/4596-41-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/4596-40-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/4596-39-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/4596-38-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/4596-37-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/4596-36-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/4596-35-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/4596-34-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/4596-33-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/4596-32-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/4596-31-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/4596-30-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4596-29-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4596-28-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4596-27-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4596-26-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4596-25-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4596-24-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/4596-23-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4596-22-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4596-21-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4596-20-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4596-19-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4596-18-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4596-17-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4596-16-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/4596-15-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4596-14-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4596-13-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/4596-12-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4596-11-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4596-10-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4596-9-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4596-8-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4596-7-0x0000000002460000-0x0000000002463000-memory.dmp

Filesize
12KB

Download
memory/4596-6-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/4596-5-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/4596-4-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/4596-2-0x0000000002240000-0x0000000002283000-memory.dmp

Filesize
268KB

Download