853e30fa7446501349d78fee928d90a7ad0c2746a01c723e50384c3abd108bd7

Analysis

max time kernel
177s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b36460de122216191f6802dcb72bd1d.exe
Size

2.6MB
MD5

3b36460de122216191f6802dcb72bd1d
SHA1

55eca7e662373d8489bc4e4e218f8855cbef2660
SHA256

853e30fa7446501349d78fee928d90a7ad0c2746a01c723e50384c3abd108bd7
SHA512

c1066ce892c1898f5de3d1cef93e993b941e017041588cf007cbb4a35ca279b8e2cb2f7006b06bbac9c9c1cf0dc40617d15c6c0ee30e35fa58a2606a07ef5328
SSDEEP

49152:Mbp/QJUXEuIIEeZzL4vO7MIl+uVaQh+JBZs7GCu+/CEBbJK/:4vXENFeZX4vO79+uEQM7Zs7fuMNFU/

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3956 set thread context of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3740 set thread context of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3944 set thread context of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3956	3b36460de122216191f6802dcb72bd1d.exe
3956	3b36460de122216191f6802dcb72bd1d.exe
3956	3b36460de122216191f6802dcb72bd1d.exe
3956	3b36460de122216191f6802dcb72bd1d.exe
3740	3b36460de122216191f6802dcb72bd1d.exe
3740	3b36460de122216191f6802dcb72bd1d.exe
3740	3b36460de122216191f6802dcb72bd1d.exe
3740	3b36460de122216191f6802dcb72bd1d.exe
3944	3b36460de122216191f6802dcb72bd1d.exe
3944	3b36460de122216191f6802dcb72bd1d.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3956	3b36460de122216191f6802dcb72bd1d.exe
Token: SeDebugPrivilege	3740	3b36460de122216191f6802dcb72bd1d.exe
Token: SeDebugPrivilege	3944	3b36460de122216191f6802dcb72bd1d.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 2556	3956	3b36460de122216191f6802dcb72bd1d.exe	104
PID 3956 wrote to memory of 2556	3956	3b36460de122216191f6802dcb72bd1d.exe	104
PID 3956 wrote to memory of 2556	3956	3b36460de122216191f6802dcb72bd1d.exe	104
PID 3956 wrote to memory of 2452	3956	3b36460de122216191f6802dcb72bd1d.exe	105
PID 3956 wrote to memory of 2452	3956	3b36460de122216191f6802dcb72bd1d.exe	105
PID 3956 wrote to memory of 2452	3956	3b36460de122216191f6802dcb72bd1d.exe	105
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3956 wrote to memory of 3740	3956	3b36460de122216191f6802dcb72bd1d.exe	106
PID 3740 wrote to memory of 4248	3740	3b36460de122216191f6802dcb72bd1d.exe	108
PID 3740 wrote to memory of 4248	3740	3b36460de122216191f6802dcb72bd1d.exe	108
PID 3740 wrote to memory of 4248	3740	3b36460de122216191f6802dcb72bd1d.exe	108
PID 3740 wrote to memory of 4676	3740	3b36460de122216191f6802dcb72bd1d.exe	109
PID 3740 wrote to memory of 4676	3740	3b36460de122216191f6802dcb72bd1d.exe	109
PID 3740 wrote to memory of 4676	3740	3b36460de122216191f6802dcb72bd1d.exe	109
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3740 wrote to memory of 3944	3740	3b36460de122216191f6802dcb72bd1d.exe	110
PID 3944 wrote to memory of 4488	3944	3b36460de122216191f6802dcb72bd1d.exe	111
PID 3944 wrote to memory of 4488	3944	3b36460de122216191f6802dcb72bd1d.exe	111
PID 3944 wrote to memory of 4488	3944	3b36460de122216191f6802dcb72bd1d.exe	111
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112
PID 3944 wrote to memory of 4504	3944	3b36460de122216191f6802dcb72bd1d.exe	112

C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
"C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
  "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
  2⤵
  PID:2556
- C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
  "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
  2⤵
  PID:2452
- C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
  "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3740
- - C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
    "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
    "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
    "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
      "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe
      "C:\Users\Admin\AppData\Local\Temp\3b36460de122216191f6802dcb72bd1d.exe"
      4⤵
      PID:4504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\3b36460de122216191f6802dcb72bd1d.exe.log

Filesize
496B

MD5
b2c1bc3c319f11e0a19c54a00bef082c

SHA1
ad2559ebc4b4aade5383a33a389e8c0af046a2a1

SHA256
93b161ab36f5e2397075114b5e93f08e3f9111345290460c26c8a4a2b14840f4

SHA512
74f68195fd444e6812d34c9f8ee50a482beb3154f90f56306c96be51e183b203edc2888f8dcbe884447d54b78471dc21b71708fe0f5c7388304c67e8a249193a

Download Submit
memory/3740-13-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3740-9-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3740-17-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3740-14-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/3740-12-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3740-6-0x0000000000400000-0x000000000063A000-memory.dmp

Filesize
2.2MB

Download
memory/3740-11-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/3944-24-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3944-22-0x0000000001B70000-0x0000000001B80000-memory.dmp

Filesize
64KB

Download
memory/3944-15-0x0000000000400000-0x0000000000556000-memory.dmp

Filesize
1.3MB

Download
memory/3944-21-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3944-16-0x0000000001B70000-0x0000000001B80000-memory.dmp

Filesize
64KB

Download
memory/3944-19-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3944-18-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3944-20-0x0000000001B70000-0x0000000001B80000-memory.dmp

Filesize
64KB

Download
memory/3956-3-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3956-4-0x0000000001660000-0x0000000001670000-memory.dmp

Filesize
64KB

Download
memory/3956-2-0x0000000001660000-0x0000000001670000-memory.dmp

Filesize
64KB

Download
memory/3956-0-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3956-5-0x0000000001660000-0x0000000001670000-memory.dmp

Filesize
64KB

Download
memory/3956-1-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/3956-10-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/4504-23-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/4504-25-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download
memory/4504-26-0x0000000001D20000-0x0000000001D30000-memory.dmp

Filesize
64KB

Download
memory/4504-27-0x0000000074A30000-0x0000000074FE1000-memory.dmp

Filesize
5.7MB

Download