c996a59356f328730b11d5e81c26132e5a88363df6b9b018ef22044c2ac2579b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11c8b4cb24a174c67ddc4c91c316f4da.exe
Size

191KB
MD5

11c8b4cb24a174c67ddc4c91c316f4da
SHA1

697c1d7724c77830a1b5a0f5c30a84b3db2a0eb1
SHA256

c996a59356f328730b11d5e81c26132e5a88363df6b9b018ef22044c2ac2579b
SHA512

c100b62a88eb9eef15aa6d29a45de919d65bef93edb484ded66a0d03daac4d631ed21c52325f903ae895038669c85a13934fbd951b5acd7e8919d4b538026d6d
SSDEEP

3072:ATEm4y+K8ATg7sjY5cQh0O1KPjizbkTF5pcjNvpDDJzKU+fpYlm:xXK8pmY5th0OEP2z0bpcjNvrP+Wm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

11c8b4cb24a174c67ddc4c91c316f4da.exesvchost.exesvchost.exe

pid	process
1156	11c8b4cb24a174c67ddc4c91c316f4da.exe
1156	11c8b4cb24a174c67ddc4c91c316f4da.exe
1156	11c8b4cb24a174c67ddc4c91c316f4da.exe
2636	svchost.exe
2732	svchost.exe
2636	svchost.exe
2636	svchost.exe
2732	svchost.exe
2732	svchost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

11c8b4cb24a174c67ddc4c91c316f4da.exesvchost.exe

pid process

1156 11c8b4cb24a174c67ddc4c91c316f4da.exe
1156 11c8b4cb24a174c67ddc4c91c316f4da.exe
2636 svchost.exe
2636 svchost.exe
Suspicious behavior: MapViewOfSection 3 IoCs

Processes:

11c8b4cb24a174c67ddc4c91c316f4da.exe

pid process

1156 11c8b4cb24a174c67ddc4c91c316f4da.exe
1156 11c8b4cb24a174c67ddc4c91c316f4da.exe
1156 11c8b4cb24a174c67ddc4c91c316f4da.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

11c8b4cb24a174c67ddc4c91c316f4da.exe

description pid process

Token: SeDebugPrivilege 1156 11c8b4cb24a174c67ddc4c91c316f4da.exe

description	pid	process
Token: SeDebugPrivilege	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

11c8b4cb24a174c67ddc4c91c316f4da.exe

description	pid	process	target process
PID 1156 wrote to memory of 2636	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 2636	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 2636	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 2636	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 2732	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 2732	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 2732	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 2732	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	svchost.exe
PID 1156 wrote to memory of 1736	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	explorer.exe
PID 1156 wrote to memory of 1736	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	explorer.exe
PID 1156 wrote to memory of 1736	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	explorer.exe
PID 1156 wrote to memory of 1736	1156	11c8b4cb24a174c67ddc4c91c316f4da.exe	explorer.exe

C:\Users\Admin\AppData\Local\Temp\11c8b4cb24a174c67ddc4c91c316f4da.exe
"C:\Users\Admin\AppData\Local\Temp\11c8b4cb24a174c67ddc4c91c316f4da.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1156

C:\Windows\SysWOW64\svchost.exe
-k netsvcs
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2636

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
2⤵
PID:1736

C:\Windows\SysWOW64\svchost.exe
-k netsvcs
2⤵
- Loads dropped DLL
PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5061.tmp
Filesize
309KB

MD5
42194fd5a403bb56b6e5698ea4e1bacc

SHA1
84629d0e0090f57aa036ae8c5a75bbee19b9e812

SHA256
ed0d0b771ae43cf42d9c58014c5a4268ed28e8a2faef8a59f2376039e9a7af35

SHA512
edeb4b565c6dc154f1dcedb054d6554ad6652bfe093f2c66ba462247b6bc8435445164bfa6927db5a2d92a31ae0c87a41ab8fa3f1f19d66292fc79d4d75a8741

Download Submit
C:\Users\Admin\AppData\Local\Temp\50FE.tmp
Filesize
350KB

MD5
9e3881604d3d8dc9c17c8abc7922dd68

SHA1
33921b0b1b6818a187d4b9fa9f15926782fbfc6f

SHA256
6030573e861856d0f9dc22ac57a4481e0258a91611b9da93173887be55a003d6

SHA512
66467ddca853f0c140a3fc20c32527a2ae9ba7b3425b21e0958a2089a3c2eed478183113aac6233229a29bd1f00e47296a816990bde6fc708223e93387c3fec3

Download Submit
\Users\Admin\AppData\Local\Temp\4BEE.tmp
Filesize
993KB

MD5
577a30c9f27e371f2d0770a414b696a2

SHA1
f7c984b939b52986e3e61fc1db74cf129378ebfd

SHA256
e4a62c925741cfa91f54881c3e765a81268ae33f8cbddf1d6ec80ee459fde841

SHA512
f5d470a76d64da73fb2827264d8935b503618123f50445bc187b11aa63ebffd32a14d3a99c66e98e1117a4530d7706d2bc507b52d07b9bee08ed4eaacc92cc8b

Download Submit
\Users\Admin\AppData\Local\Temp\4C2E.tmp
Filesize
1.0MB

MD5
ee63a086aa8e3f44a01ddae30619b6d7

SHA1
a5d10baea12566752ef26013e104b61df2fa9865

SHA256
3de0693d747dd3993cfec4db339c496049537b5a7254b62e5f769563938861e0

SHA512
6dd3e50cab7861c2f2bacf98ff4779e3896e2c02fb55dc6a8ed18243b0f6c392eaaeeb432a5ade408b02ac143fb893bb5402414a34955e81ba6fd8b1bc08ca19

Download Submit
\Users\Admin\AppData\Local\Temp\4D09.tmp
Filesize
202KB

MD5
7ff15a4f092cd4a96055ba69f903e3e9

SHA1
a3d338a38c2b92f95129814973f59446668402a8

SHA256
1b594e6d057c632abb3a8cf838157369024bd6b9f515ca8e774b22fe71a11627

SHA512
4b015d011c14c7e10568c09bf81894681535efb7d76c3ef9071fffb3837f62b36e695187b2d32581a30f07e79971054e231a2ca4e8ad7f0f83d5876f8c086dae

Download Submit
\Users\Admin\AppData\Local\Temp\5061.tmp
Filesize
413KB

MD5
87b00651eea0282511d81ce82bdcd96b

SHA1
69046e0984c598147d3a4e8891a1c6a167dcbe3f

SHA256
8638a0e1dfbec4b8dcd6f8b721daa490c3786144331995d14dc7765664aaef02

SHA512
ff41a59adf49dcb2eae3e1120a3a22b17794ca3425009f4f14a4f2c951ec6e356af875c50b4eda730ebbd0b09c1979ca7524c6a2c6903b7b7634cbfbed4bbeb9

Download Submit
\Users\Admin\AppData\Local\Temp\5062.tmp
Filesize
747KB

MD5
31873a54a2ee0bb7d22c5344e6b7ca61

SHA1
d7bae21fd05646285f63f2b566308045872a2caa

SHA256
75e43b9d8bfe6c13c5d647a6ee338320e9daa83f90f6d0af791204e4448f66cf

SHA512
e298ce88fa6187bcc1398c0b8279e016dfc24f3cf563726be68a9dd46a2e8895dd421884678a3a8f95537655a1e4fbd98ad50007c3b64bbc97ed32c9e56b1e43

Download Submit
\Users\Admin\AppData\Local\Temp\50B0.tmp
Filesize
328KB

MD5
0000a5bbf6254aa0dd11605b9ebbdc20

SHA1
d4522cfd66c7b40cf0215bb5226cc7d64fc36b05

SHA256
7f5c54118dd483b40b34c016f6fbc4f328e89449152643821e86112c7d2dced6

SHA512
aa9a13ca414fd10a4103f83450293cd5e1e2f36469d606cbf8ee4ca98190808e378a8188908868293b4e57d311fd91dbd264a2575e3894030fc1883c96256ae8

Download Submit
\Users\Admin\AppData\Local\Temp\50FE.tmp
Filesize
452KB

MD5
ad5cfe228f4d991226f0bc2d23877adb

SHA1
9e7185a7c6020a9d753a466f5441b0876344b370

SHA256
2f83b441ccaf61785f601b98094c0d152f28f9706212a8b1f0cda8387c9393b4

SHA512
6be238966b9e0bd9003978a8a4399229430b6f0febf4f19be659c555082c84c173189960934150402dc9160907a33ed1f14b6d18f0bb868c5a5e9cd3da6038f4

Download Submit
memory/1156-85-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1156-60-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-45-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-47-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-49-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-43-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-51-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-50-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-52-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-55-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-65-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-64-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-67-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-69-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-71-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-73-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-75-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-66-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-77-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-81-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-80-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-79-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-78-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-63-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-62-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-22-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-23-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-86-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1156-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1156-21-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-19-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-18-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-61-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-44-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-59-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-58-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-57-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-56-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-53-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-42-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-41-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-12-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-3-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1156-40-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-39-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-38-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1156-37-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-36-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-35-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-24-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-34-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-33-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-32-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-31-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-30-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-29-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-28-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-27-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-26-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/1156-25-0x0000000000280000-0x0000000000289000-memory.dmp

Filesize
36KB

Download
memory/2636-103-0x0000000000080000-0x00000000000BD000-memory.dmp

Filesize
244KB

Download
memory/2636-87-0x0000000000080000-0x00000000000BD000-memory.dmp

Filesize
244KB

Download
memory/2636-106-0x0000000000080000-0x00000000000BD000-memory.dmp

Filesize
244KB

Download
memory/2732-88-0x0000000000080000-0x00000000000BD000-memory.dmp

Filesize
244KB

Download
memory/2732-107-0x0000000000080000-0x00000000000BD000-memory.dmp

Filesize
244KB

Download