c4fc8ff0b6a6323ba9b2f8898dea10e286281dc2c6bd5eb0e73c8b8456fedc37

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21ac8f8f88e9d6254b94dac532a9d3ec.exe
Size

329KB
MD5

21ac8f8f88e9d6254b94dac532a9d3ec
SHA1

d68d518fb8cbd2981fc99081fda4e7472f1e153a
SHA256

c4fc8ff0b6a6323ba9b2f8898dea10e286281dc2c6bd5eb0e73c8b8456fedc37
SHA512

91341e9bf0860e872a6ec0bab2c089b153e7577833d76842f907dc245715664baf3a163daabc2a22a4c628b710260a0cb88fd1c39545a866e014f6df6d51a6f8
SSDEEP

6144:0X79zj1Ldqrgx7pNpXxLDZJEEpoO16XNBjqQ8KV5Z52NFQ:0X118mpBn6DLqQ8sD/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
692	21ac8f8f88e9d6254b94dac532a9d3ec.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\21ac8f8f88e9d6254b94dac532a9d3ec.exe	21ac8f8f88e9d6254b94dac532a9d3ec.exe
File created	C:\Windows\SysWOW64\21ac8f8f88e9d6254b94dac532a9d3ec.exe	21ac8f8f88e9d6254b94dac532a9d3ec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe
1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe
1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe
1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe
1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe
1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 4388	1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe	21
PID 1460 wrote to memory of 4388	1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe	21
PID 1460 wrote to memory of 4388	1460	21ac8f8f88e9d6254b94dac532a9d3ec.exe	21

C:\Users\Admin\AppData\Local\Temp\21ac8f8f88e9d6254b94dac532a9d3ec.exe
"C:\Users\Admin\AppData\Local\Temp\21ac8f8f88e9d6254b94dac532a9d3ec.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\21AC8F~1.EXE > nul
  2⤵
  PID:4388

C:\Windows\SysWOW64\21ac8f8f88e9d6254b94dac532a9d3ec.exe
C:\Windows\SysWOW64\21ac8f8f88e9d6254b94dac532a9d3ec.exe
1⤵
- Executes dropped EXE
PID:692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/692-46-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-56-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-62-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-65-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-64-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-125-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/692-45-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/692-67-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-66-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-47-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-48-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-63-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-49-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-50-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-51-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-52-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-53-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-54-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-60-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-55-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-58-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/692-57-0x0000000001E90000-0x0000000001ED0000-memory.dmp

Filesize
256KB

Download
memory/1460-36-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-26-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-61-0x00000000006C0000-0x0000000000714000-memory.dmp

Filesize
336KB

Download
memory/1460-40-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1460-41-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/1460-39-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-38-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-37-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-35-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-25-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-24-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-23-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-28-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-34-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-33-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-32-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-31-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-30-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-29-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-1-0x00000000006C0000-0x0000000000714000-memory.dmp

Filesize
336KB

Download
memory/1460-27-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-59-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1460-22-0x0000000003360000-0x00000000033E0000-memory.dmp

Filesize
512KB

Download
memory/1460-21-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/1460-20-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/1460-19-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/1460-18-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/1460-17-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/1460-16-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/1460-15-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/1460-14-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/1460-13-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/1460-12-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/1460-11-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/1460-10-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1460-9-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/1460-8-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/1460-7-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/1460-6-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1460-5-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/1460-4-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/1460-3-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1460-2-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1460-0-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download