Overview

overview

7

Static

static

3

3b83826f94...94.exe

windows7-x64

3

3b83826f94...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2024, 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b83826f9404ba991f665e610e919394.exe

  • Size

    361KB

  • MD5

    3b83826f9404ba991f665e610e919394

  • SHA1

    e42d97afa86021875f87cee1d5bafd475c5b7474

  • SHA256

    5ea2e610d4cab87581ceec2ea2724bd03a8a2f0de3a4f687d4087fc37dd795e0

  • SHA512

    234db26d6a285251c4abd59822bec57412c8445848ea978846bfb7e49433690a1d0d372befabd4a38f4b5cc084c84b3c4f9152db11f4e27b815087597160b085

  • SSDEEP

    6144:wGVPyyMHVilE0LiywLf+llnmPf6BSqHm+Ihx4iwiwjgI7DKyVSHK8q:JM1ilhQb+l0P2mNhqiwUKm8SH4

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 8 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b83826f9404ba991f665e610e919394.exe
    "C:\Users\Admin\AppData\Local\Temp\3b83826f9404ba991f665e610e919394.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\mdhcp32.dll
    Filesize

    49KB

    MD5

    2fab24ad2cf943f37cddbf618cbdf83b

    SHA1

    ab9d7e6848ac2c8b4861f5126cee71727e505875

    SHA256

    2ee409c628b6dfd1be8daa865b30b511280da666666d793456b54ca843ce6db7

    SHA512

    b885714e4624d48b418f2b4c33d1ca96e1e87cc7bddbb4450a59e62a499abd18be0e949bc62f5e37cf2459c3b1de61d863745124147100e9e2f69588e13c4e7e

    Download Submit

  • memory/4528-20-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-24-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-11-0x00000000026A0000-0x00000000026B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4528-12-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-14-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-16-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-10-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-18-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-22-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-6-0x00000000026A0000-0x00000000026B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4528-26-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-28-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-30-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-32-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-34-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4528-36-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download