37434117ffc061ee04bc9370103023ae65e0cdf4f895377202840214cfbf8574

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

37255ad083dbdcddaf8ec62dddea7ebe.exe
Size

642KB
MD5

37255ad083dbdcddaf8ec62dddea7ebe
SHA1

cc6dc368bc921446113d0d3b06d3a23f84842488
SHA256

37434117ffc061ee04bc9370103023ae65e0cdf4f895377202840214cfbf8574
SHA512

6bc236a7f42c2fa526a291d23b261ede59595db8fda9991dc32216750b6e46bf79da953431d1833138265e5dfcd683d9780e1b745dc3114f38d0712df8858462
SSDEEP

12288:5GpyZrHohsYmXXggsPV8ByoN1aXA41F3Z4mxxCfivqtgmiAbit6iqmo:5Gw1IT+wgsPV8Aoew41QmXD0gntXqmo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3784	lisp.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	37255ad083dbdcddaf8ec62dddea7ebe.exe
File created	C:\Windows\SYSTEM\lisp.exe	37255ad083dbdcddaf8ec62dddea7ebe.exe
File opened for modification	C:\Windows\SYSTEM\lisp.exe	37255ad083dbdcddaf8ec62dddea7ebe.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	lisp.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	lisp.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	lisp.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	lisp.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	lisp.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	564	37255ad083dbdcddaf8ec62dddea7ebe.exe
Token: SeDebugPrivilege	3784	lisp.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3784	lisp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 3332	564	37255ad083dbdcddaf8ec62dddea7ebe.exe	71
PID 564 wrote to memory of 3332	564	37255ad083dbdcddaf8ec62dddea7ebe.exe	71
PID 564 wrote to memory of 3332	564	37255ad083dbdcddaf8ec62dddea7ebe.exe	71

C:\Users\Admin\AppData\Local\Temp\37255ad083dbdcddaf8ec62dddea7ebe.exe
"C:\Users\Admin\AppData\Local\Temp\37255ad083dbdcddaf8ec62dddea7ebe.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:3332

C:\Windows\SYSTEM\lisp.exe
C:\Windows\SYSTEM\lisp.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SYSTEM\lisp.exe

Filesize
475KB

MD5
f5e8a9fe2fd7d8bfa781c65bbd5c9913

SHA1
e03e47652a14d5820dabfcc0aec78be8d1ce6c86

SHA256
5432e455644858bfb7011bfe5a229c8d727daf6da048a3954022b7019d779d8c

SHA512
f5f79ac3d0d198accbe935342b2f3d2216c842ee11ec8c51c9d13d5736a12dfe95c0231dec19cb5879056fb0513b4af6f61336313ba733458ea8db7944a8d574

Download Submit
C:\Windows\System\lisp.exe

Filesize
367KB

MD5
5382c49d150523e5b538ec36f3610264

SHA1
e74fe10abc40ff36d31640423db6451920010854

SHA256
f3e6e4a3cdcf150f333f88e9c3610799f3e4ec88a2b975c93a63660870224395

SHA512
95177b8a1a231ae1b5b2184cac55490fc152a983510545ee19477668dd41ea0d70dc94d872678b8fd3cd5133f182024834128757cd1fddbe2a95efba77c0f681

Download Submit
C:\Windows\uninstal.bat

Filesize
190B

MD5
fa3921be48b47dd660556def640cf386

SHA1
7e313eb1a301bd39946ba9e6fbd5b8ea52b64dd8

SHA256
99fa79db5bc814a68d77a59d56861e37dd7bfe41ca70c8a7e6ec856d35d59935

SHA512
1805c4e52975ddbc0657b96715fb28d1f9c676c7a3f7d2f2ad419e5252a8009fe78db937e81c0e4db311e9d331e733d422775e8c06fa1d6cb1a1666a64a920f0

Download Submit
memory/564-0-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/564-1-0x0000000002310000-0x0000000002364000-memory.dmp

Filesize
336KB

Download
memory/564-4-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/564-3-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/564-5-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/564-6-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/564-21-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/564-20-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/564-19-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/564-18-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/564-17-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/564-16-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/564-15-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/564-14-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/564-13-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/564-12-0x0000000003510000-0x0000000003513000-memory.dmp

Filesize
12KB

Download
memory/564-11-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/564-10-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/564-9-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/564-8-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/564-7-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/564-2-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/564-37-0x0000000002310000-0x0000000002364000-memory.dmp

Filesize
336KB

Download
memory/564-34-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/3784-41-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-60-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/3784-36-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-38-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-35-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-39-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-40-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-31-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-44-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-43-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-42-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-46-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-45-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-49-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-50-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-51-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-54-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-53-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-55-0x00000000010B0000-0x00000000010B1000-memory.dmp

Filesize
4KB

Download
memory/3784-57-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/3784-58-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/3784-33-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-59-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/3784-62-0x00000000009E0000-0x0000000000A34000-memory.dmp

Filesize
336KB

Download
memory/3784-61-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/3784-52-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-48-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-47-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-32-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-30-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-27-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-26-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/3784-63-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/3784-64-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-65-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-66-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-67-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-68-0x0000000001F40000-0x0000000001F80000-memory.dmp

Filesize
256KB

Download
memory/3784-69-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-70-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download
memory/3784-71-0x0000000001F80000-0x0000000002080000-memory.dmp

Filesize
1024KB

Download