Analysis

  • max time kernel
    139s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2023, 13:21

General

  • Target

    19cefc76a47c2e6c1a430edf6c78dd2d.exe

  • Size

    460KB

  • MD5

    19cefc76a47c2e6c1a430edf6c78dd2d

  • SHA1

    dc519859b49d08f0191f3b995d52949b82a92d6c

  • SHA256

    16a6061300ae37ff555d33aa09bc9dbb4a4a70676e8ea1c33d4b304218fd6bb1

  • SHA512

    5aedb02b0d9cdd8ec9121ae9bf70f7dee326e4124ac414834e7a76ba9ff6cd8c4fe121d8735ce6d4e2aa04bbcc4e76396cf171e8b5abab7e0b3ee3eba988bf4f

  • SSDEEP

    6144:NiaCGFR4TqvFtECucl0rerdhF1hpG6TwA4tEhXcKS2y38l1dFrGQxf3RJ9lG8NGg:EaTX2aBhTG6gul1dFrGQzDIO

Score
1/10

Malware Config

Signatures

  • Modifies registry class 2 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19cefc76a47c2e6c1a430edf6c78dd2d.exe
    "C:\Users\Admin\AppData\Local\Temp\19cefc76a47c2e6c1a430edf6c78dd2d.exe"
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:4596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4596-1-0x0000000000AD0000-0x0000000000AE0000-memory.dmp

    Filesize

    64KB

  • memory/4596-2-0x0000000074690000-0x0000000074C41000-memory.dmp

    Filesize

    5.7MB

  • memory/4596-0-0x0000000074690000-0x0000000074C41000-memory.dmp

    Filesize

    5.7MB

  • memory/4596-9-0x0000000074690000-0x0000000074C41000-memory.dmp

    Filesize

    5.7MB