399d7f2ae9cbb0395cf1d49299aa74dfc31c9cd1674e00e1b9edd46b16ee6216

Analysis

max time kernel
147s
max time network
134s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

144d34c6fc809770681889c28ddefadd.exe
Size

91KB
MD5

144d34c6fc809770681889c28ddefadd
SHA1

e987ec191699c99002ac371be559f78d73c81d0a
SHA256

399d7f2ae9cbb0395cf1d49299aa74dfc31c9cd1674e00e1b9edd46b16ee6216
SHA512

d214b282f74963c0fcfe967acd603f475b19e19ffc240a69eadde3d10a8bb5086cf1a8c572497789274c9bff32e586430acde0be825f6ca36377a23c801bf605
SSDEEP

1536:DLJsQn+4g1FqgL3zQaP/+55ubKhZZaA9NWFNRbdmR7z+GrdODncNO1b3My8:32qgLEaXbCZZhwmx+GCncNYb8y

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2124	kernl32.exe
2296	svchost.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\kernl32.exe	144d34c6fc809770681889c28ddefadd.exe
File opened for modification	C:\Windows\SysWOW64\kernl32.exe	144d34c6fc809770681889c28ddefadd.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	144d34c6fc809770681889c28ddefadd.exe
File opened for modification	C:\Windows\svchost.exe	144d34c6fc809770681889c28ddefadd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2124	kernl32.exe

C:\Users\Admin\AppData\Local\Temp\144d34c6fc809770681889c28ddefadd.exe
"C:\Users\Admin\AppData\Local\Temp\144d34c6fc809770681889c28ddefadd.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1680

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
PID:2296

C:\Windows\SysWOW64\kernl32.exe
C:\Windows\SysWOW64\kernl32.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\kernl32.exe

Filesize
92KB

MD5
2b6d7a4375c2500c45340123d214fc9e

SHA1
cb41ec49c15d1d6fd6b09e6cb045a772e23b25bd

SHA256
9bf2f4735ad8ade0baf9fc46e94786f1e9824abf4c38ecbd3a6d4fb3c4cd89d6

SHA512
4a6491e427ba2e588fc3f620ed244a4a685dfea4c3d3a37e34d4a1a99aa9baeb9ffb66ddef418acfaa0119652a7d14b03c078a70383e0db51229739eeeb0a395

Download Submit
memory/1680-6-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2124-11-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-13-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-31-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-9-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-33-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-21-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-29-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-7-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-15-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-27-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-25-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-17-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-23-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2124-19-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2296-12-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-22-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-20-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-24-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-26-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-18-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-16-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-28-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-14-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-30-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-32-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-10-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-34-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2296-8-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads