ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070

Analysis

max time kernel
3s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe
Size

1.3MB
MD5

04987587e8f891e823ca06ede62e454a
SHA1

7d74167f4f3b63e26f104756e3d19984bac84302
SHA256

ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070
SHA512

23f42ae9725046de089217f1339ac5453c5faa2238c7794321de9ebacf22d0ecec9e2d433e9c216bcd04dab4fd688ec8c57c0be34b8b810841f73edd0f8f46a8
SSDEEP

24576:X6xN+8MWt5Qogm3rtNjR01iSGGvuBa4pyakDSVXT5X0vhA:X6g8MWt5Q3m3rtui3wuE4p1pXT5X0v2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1724	ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe
1724	ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe
1724	ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1724	ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe
Token: SeDebugPrivilege	1724	ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe

C:\Users\Admin\AppData\Local\Temp\ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe
"C:\Users\Admin\AppData\Local\Temp\ef534c72b800286824af370f3b98c75120a55d87b65e2bffba8d2ba0ab32a070.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54e1bed9789eb1fd087d550981aa454a

SHA1
1de1eefda956cf977aaa7515dde46947f1fd6783

SHA256
dffa36081c787037e4582747a61efc45e2c68b504fe85e4798815a68881ac33f

SHA512
1c6101649937960a03ce6c66fb46fbbe14cedc72fe957bd6981b73e49c2dd0ec185a6806fb5466a013218da8e099b3c82462062c101fa59c285bf4c559938911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5025a34e09a32c0ac98d4860fc797e4b

SHA1
ee4eded782b8d49752997d6bd35fb85d6168b623

SHA256
971827c15eb1836abd966dd9448dd66d14eff9d5a8ee088226da826004f3f47b

SHA512
59f287a1fba10a5af847ecf822f49c845f954e1f6e6710e6f77b98460ca472483f81c424a3fcc36c161e0717f4b0fbaae30da7da0206fb3f7ac301069ae51242

Download Submit
memory/1724-1-0x000007FEF6060000-0x000007FEF6A4C000-memory.dmp

Filesize
9.9MB

Download
memory/1724-4-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/1724-6-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/1724-7-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/1724-5-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/1724-11-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/1724-0-0x0000000000140000-0x0000000000174000-memory.dmp

Filesize
208KB

Download
memory/1724-3-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/1724-2-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/1724-124-0x000007FEF6060000-0x000007FEF6A4C000-memory.dmp

Filesize
9.9MB

Download
memory/1724-126-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download
memory/1724-125-0x0000000000290000-0x000000000029A000-memory.dmp

Filesize
40KB

Download