1391c786082a7db05df538a6b67f1176b1fec4aec7a51d8432fb649eecfe594a

Analysis

max time kernel
177s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

162e29c3a95a50641d6a5f44d39f8e73.exe
Size

800KB
MD5

162e29c3a95a50641d6a5f44d39f8e73
SHA1

ddc9d7fabbad7352d7f730f08e822fd28cac57eb
SHA256

1391c786082a7db05df538a6b67f1176b1fec4aec7a51d8432fb649eecfe594a
SHA512

c268dd95a11c562b959db05d3c8b718ad66993c2dae8607f9e912e7d5a49b75d023c3c6fc9dc90c17cbf1468adcf9a4f0b4de311781eab38384e923c65ca364b
SSDEEP

12288:n8pVRWw6fX9+wfupc32/zBj5dy7H5cmaduICyIOspJI5qt3tWS:nOVcftjfqrNn2W8I/IOMzt3tz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
5060	162e29c3a95a50641d6a5f44d39f8e73.exe
5060	162e29c3a95a50641d6a5f44d39f8e73.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5060	162e29c3a95a50641d6a5f44d39f8e73.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5060	162e29c3a95a50641d6a5f44d39f8e73.exe
5060	162e29c3a95a50641d6a5f44d39f8e73.exe

C:\Users\Admin\AppData\Local\Temp\162e29c3a95a50641d6a5f44d39f8e73.exe
"C:\Users\Admin\AppData\Local\Temp\162e29c3a95a50641d6a5f44d39f8e73.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dfsF80C.tmp

Filesize
96KB

MD5
b968b19b010ed89ba27b9413de200151

SHA1
0bdd38450386acb85497e865b642e13423cf2467

SHA256
08614a7a31273c5568d6ede85f0f83336daa39f10a166bd43103c39c889bf831

SHA512
7493f426218871d74ceb4d4f902e3a287c13ff1c4e5fc3766633e26a67c50e57a941b4fa13e2f36edf54ea65cbef79442afff105c32eb2e44bf1cd03fcd8b779

Download Submit
C:\Users\Admin\AppData\Local\Temp\dfsF80C.tmp

Filesize
92KB

MD5
ca1ada19949d9b37b9c5f6f5f998fb88

SHA1
be223370d37d7bfabd5bf1b7261b27fa3c0c87cd

SHA256
3d4cecd8aafe2a75501e285cc1785a59592dc4574e17caac3c4f91032a85016d

SHA512
2fcfda156ae677f85d04ad8a1704159d9df999b553ae68447261d1f9ff4546ef3b2f98cb2dfbd4c3d3f6776077dc08e99d1e21a79d1f0a5822bd70ae61e71903

Download Submit
memory/5060-10-0x0000000004E20000-0x0000000004E2A000-memory.dmp

Filesize
40KB

Download
memory/5060-11-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/5060-6-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/5060-7-0x0000000004A40000-0x0000000004A4C000-memory.dmp

Filesize
48KB

Download
memory/5060-8-0x0000000005400000-0x00000000059A4000-memory.dmp

Filesize
5.6MB

Download
memory/5060-9-0x0000000004D40000-0x0000000004DD2000-memory.dmp

Filesize
584KB

Download
memory/5060-1-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/5060-5-0x0000000004A90000-0x0000000004B28000-memory.dmp

Filesize
608KB

Download
memory/5060-12-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/5060-13-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/5060-14-0x00000000082D0000-0x0000000008336000-memory.dmp

Filesize
408KB

Download
memory/5060-23-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/5060-24-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/5060-25-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/5060-26-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads