Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 05:13

General

  • Target

    298d292b1dbe4f746d3c3a7c4725e150.exe

  • Size

    184KB

  • MD5

    298d292b1dbe4f746d3c3a7c4725e150

  • SHA1

    9f5333a1518330bb9855b14bff56d37a1479b18c

  • SHA256

    31c85ad0d3b8506222d7eafac77a7fedf6f0e176d7c1eba8ca2753ebcdc07081

  • SHA512

    c037539fbfd567d0a0d97ca066cff42f09c95ed62a930cf3307983ffb5d83bd66eeaa0c9cc7eb8037c648fab82c7baafe2e48ef98f8109cff288e4930482c819

  • SSDEEP

    3072:mk2kO1HTcdFqA6lEoj+nncGz2HMN0PD1nIXeelDI:p2XpcdoAeScHMN0b1nIu

Score
7/10

Signatures

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    1⤵
      PID:1080
    • C:\Users\Admin\AppData\Local\Temp\298d292b1dbe4f746d3c3a7c4725e150.exe
      "C:\Users\Admin\AppData\Local\Temp\298d292b1dbe4f746d3c3a7c4725e150.exe"
      1⤵
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\system32\~rv.bat
        2⤵
        • Deletes itself
        PID:2112

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Windows\SysWOW64\~rv.bat

            Filesize

            301B

            MD5

            c53de1152ec5377f1171436ed80d784e

            SHA1

            6b0f0728f92a739cdc52ed93f53a38b69ca10ef1

            SHA256

            ac8e5638bbf2a64b02243c36f6bd746cce2a7bc118d9a21418f1d0824f7b8b8e

            SHA512

            6495c2d9b0f347474264c22be34be13f495d96284a4f896b36cef22c78c09b62b8982b5de9c4f83f4c799be4fc6e44896165b1f6a46e95896576bbded0b796d3

          • memory/1080-2-0x0000000000230000-0x0000000000231000-memory.dmp

            Filesize

            4KB