Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 07:02

General

  • Target

    2c93bf234b0a794699d55872d4c779f3.exe

  • Size

    488KB

  • MD5

    2c93bf234b0a794699d55872d4c779f3

  • SHA1

    2fc77ee26c3d4bceae4dca8d40922051db52d5bf

  • SHA256

    05e379fe614c0ce3be8627e7a9a79744a728e8fbab9d4d9fb39c2e2c9205df94

  • SHA512

    4af0dbd7c6a6323932bc472b505dc3967ac8e732ef3334aec05025935384ee30563b9e5c7356a69d09542a9dd248260e12e4f48a150b9637cc976abd7e227db3

  • SSDEEP

    12288:CSpAZ3gtueKw9pPncZL1rSnnzVS5VyFXUGesd1YWH:CSKZwtv3UynnzP9UZjWH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c93bf234b0a794699d55872d4c779f3.exe
    "C:\Users\Admin\AppData\Local\Temp\2c93bf234b0a794699d55872d4c779f3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2360
    • \??\c:\02126c466583cd839edbae\update\update.exe
      c:\02126c466583cd839edbae\update\update.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2788

Network

MITRE ATT&CK Matrix

Downloads

  • C:\02126c466583cd839edbae\_sfx_.dll

    Filesize

    25KB

    MD5

    ee207e35aea4d5df41d90221e1b66efa

    SHA1

    757469cf9ad2f21f267bbe730560114fdf8a89a5

    SHA256

    cf64c95e9a2d02967efc22b00efb3736156b913a95231eb63c1df45d43475e64

    SHA512

    43e9f75725daa4f3428b2d9cee2c2cc8b2f2e991b8e58d72d2f429fbdfb614c86d172f03d3f9da98756bd4e245643d9a57c6efa422d6c60ad364a2322245542d

  • C:\02126c466583cd839edbae\update\update.exe

    Filesize

    382KB

    MD5

    5f64845f3635e186c04c5e91cfebc505

    SHA1

    1b5cca940afaf210918c22b7208dfef454c1fcfc

    SHA256

    0a73b73030d72a2e7fb1b033ee545062e3a63982deeaa77a021b7c3bb02ef8ef

    SHA512

    6c1d32dbf51a1e35f45db02db966dabb0d593bd353ede333b89d38d9e52c913ff80000cf9aba43ee418fdbd530ea22fcc11acd1a8ba6de8e3680c01aaebbbc48

  • C:\02126c466583cd839edbae\update\updspapi.dll

    Filesize

    373KB

    MD5

    8d13dfd9d7351b2da87ca237277b6cf3

    SHA1

    a9ef7f91183857ae6dba937f9f95282f6c590a9d

    SHA256

    dc2beb43cefa8840d3ac7d622079870f247f97a205a52cb4794b1d688c155463

    SHA512

    d11eee63de309e2b81a92fa9c72a11c1a587e4491214e1d45ad20cba3677ebf99bf98483bbc7f579d5f830e4ca7473d532abc1c6dd7c64ad455e0cd1bcc9a792

  • memory/2788-43-0x0000000000670000-0x00000000006CE000-memory.dmp

    Filesize

    376KB
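The dropped set above (`_sfx_.dll` plus `update\update.exe` and `update\updspapi.dll` under a random-hex folder at the drive root) uses the file names of Microsoft's legacy self-extracting update installer, but the report alone does not show whether these are the genuine binaries or something packaged to look like them; the hashes are the fastest thing to pivot on. The following is an added example, not part of the sandbox report: it takes the digests listed in the General and Downloads sections as an IOC table, hashes files in a single pass, flags any whose digest appears in the table, and parses the `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` artifact name to confirm the 376KB region size. The helper names, the constructed sample file and the `constructed-sample` IOC label are assumptions of this example.

```python
"""Hash-based IOC matching against the dropped files listed in the report.

Added example, not code from the sandbox or the report. The digest values in
REPORT_IOCS are copied from the report; everything else (function names, the
constructed sample content written by demo()) is this example's own.
"""
import hashlib
import os
import re
import tempfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report (General and Downloads sections).
REPORT_IOCS = {
    "2c93bf234b0a794699d55872d4c779f3.exe": {
        "md5": "2c93bf234b0a794699d55872d4c779f3",
        "sha1": "2fc77ee26c3d4bceae4dca8d40922051db52d5bf",
        "sha256": "05e379fe614c0ce3be8627e7a9a79744a728e8fbab9d4d9fb39c2e2c9205df94",
    },
    "_sfx_.dll": {
        "md5": "ee207e35aea4d5df41d90221e1b66efa",
        "sha1": "757469cf9ad2f21f267bbe730560114fdf8a89a5",
        "sha256": "cf64c95e9a2d02967efc22b00efb3736156b913a95231eb63c1df45d43475e64",
    },
    "update.exe": {
        "md5": "5f64845f3635e186c04c5e91cfebc505",
        "sha1": "1b5cca940afaf210918c22b7208dfef454c1fcfc",
        "sha256": "0a73b73030d72a2e7fb1b033ee545062e3a63982deeaa77a021b7c3bb02ef8ef",
    },
    "updspapi.dll": {
        "md5": "8d13dfd9d7351b2da87ca237277b6cf3",
        "sha1": "a9ef7f91183857ae6dba937f9f95282f6c590a9d",
        "sha256": "dc2beb43cefa8840d3ac7d622079870f247f97a205a52cb4794b1d688c155463",
    },
}

# Sandbox memory-dump artifact name: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def _digest_chunks(chunks):
    """Feed every chunk to all four hashers at once so large files are read only once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory byte string (useful for dumped regions)."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file on disk, streamed in 1 MiB chunks."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def index_iocs(iocs):
    """Invert {label: {algo: digest}} into {digest: (label, algo)} for O(1) lookups."""
    return {d.lower(): (label, algo)
            for label, digests in iocs.items() for algo, d in digests.items()}


def match_file(path, index):
    """Return (label, algo) for the first digest of the file found in the index, else None."""
    for algo in ALGOS:  # fixed order so the strongest available match is deterministic
        hit = index.get(hash_file(path)[algo]) if algo == ALGOS[0] else None
        if hit:
            return hit
    digests = hash_file(path)
    for algo in ALGOS:
        hit = index.get(digests[algo])
        if hit:
            return hit
    return None


def scan_directory(root, iocs):
    """Walk root and return {path: (label, algo)} for every file matching an IOC digest."""
    index = index_iocs(iocs)
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            hit = match_file(path, index)
            if hit:
                hits[path] = hit
    return hits


def parse_memory_dump_name(name):
    """Recover pid, region bounds and size from the dump artifact name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump artifact name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["index"]), "start": start,
            "end": end, "size": end - start, "size_kb": (end - start) // 1024}


def demo():
    """Write a constructed sample and a decoy into a temp dir and scan it.

    The sample content is constructed for this example; its digest is added to
    a copy of the IOC table under the label 'constructed-sample' so the scan
    has exactly one hit. Returns {label: algo} for the hits found.
    """
    sample = b"constructed sample content, not the real dropper\n"
    iocs = dict(REPORT_IOCS)
    iocs["constructed-sample"] = {"sha256": hash_bytes(sample)["sha256"]}
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "sample.bin"), "wb") as fh:
            fh.write(sample)
        with open(os.path.join(tmp, "decoy.bin"), "wb") as fh:
            fh.write(b"unrelated bytes\n")
        hits = scan_directory(tmp, iocs)
    return {label: algo for label, algo in hits.values()}


if __name__ == "__main__":
    print(parse_memory_dump_name(
        "memory/2788-43-0x0000000000670000-0x00000000006CE000-memory.dmp"))
    print(demo())
```

`match_file` reports the algorithm that matched so an MD5-only hit (collision-prone) can be treated with less confidence than a SHA-256 hit; in practice the sandbox's SHA-256 values are the ones to feed into a blocklist.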