Analysis
-
max time kernel
1s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
31-12-2023 15:08
General
-
Target
69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe
-
Size
1.6MB
-
MD5
ea4d996b472fabecc83c821342a6f2da
-
SHA1
3d6f8b3ea30f2da6392843b09c6a4039bda72040
-
SHA256
69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704
-
SHA512
fd44c2ad95e661fb4de273cc21a3102a8f1361f7377bd1bf6228476f3e41a3c52159d991cdedd517b139c35c102d2f8539db51b30b45c37230876824d854f40e
-
SSDEEP
12288:PZak9NyN+gGo3gnqYI2xsuz+dIoMfySCbne++ZgmCWJ3Mi1EesvxuAySjZF:99NyN+F0YfxzccaSL++aGJFayKZ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 7 IoCs
-
Drops file in System32 directory 8 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe"C:\Users\Admin\AppData\Local\Temp\69cf1f011c501ebd306ff4803641dfeb7504139081d8c6d3532749ad8590e704.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
412KB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
64KB
-
Filesize
64KB