a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963

Analysis

max time kernel
1s
max time network
125s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe
Size

1.3MB
MD5

09eddda58cfebe3c47fb82d17f902432
SHA1

c0e9feb9232323e97c2fc7a73dc6d36894907a70
SHA256

a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963
SHA512

e9ba3457b628e174212906c8f9d8377089b09897c9bafb28e014c9f739a1c0ae1d4666170b90f52d1ffa9d0024edda142c2355321f1af36aedadfe27155bdda0
SSDEEP

24576:Bhhjuqpe3kP4mYwVoiPYq/a+K/4XfXeNKFyakDSVXT5XVAMg:5juLkAmFVoIYq++0KF1pXT5XVAMg

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2392	a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe
2392	a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe
2392	a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2392	a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe
Token: SeDebugPrivilege	2392	a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe

C:\Users\Admin\AppData\Local\Temp\a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe
"C:\Users\Admin\AppData\Local\Temp\a35b645f0726885694d3999eb88197a5ba1d070e5091f2d7aad3999c29c20963.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7fbbd94d3b62020d9a9f0aa36520238

SHA1
139b13e118f51ea21c3d59c5ebc9eefce757ab2a

SHA256
a23257f4a03eca02c2a3640091bce1253458419f794ed7464e8334c4df728f01

SHA512
be983811dfe9f884a684051258303e5b0f4d316dde39071fb488b076bf578d771e010c1945fded3b41fb3fea9566ef7604c1dfc24c57bfa81b314833d93c4f33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9d5800169ab50cf05d1dd13811d18385

SHA1
f954640b12955fb93f4f0494c19749e37fd52e2e

SHA256
57e3f27ad43eaf7f9bb2a107736987038d6b79680f403a3836cbe7f461bb7519

SHA512
cebfa8ba55c8958d15bb3f9e8fd88b2dc7f07c6d7f4cf440604d6ff5639d6bd387b0d6c9eb046d4ef361a7bc1419944916708f2d25831eb327f1afbd6a7243c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar211D.tmp

Filesize
14KB

MD5
a3bafef70a7de64c48618d97070e14fd

SHA1
c4cd312d814ceb52616ebe3998eaa33ac969764a

SHA256
6d174dd81b14f028d22eb75c3bc24b14e9b4f781563db408c15d5b5eaef34f3a

SHA512
a98e5eb87ad8b9700cadc24d1c6ae4e113ae1ad4e1af0e04d35ae9a88b4f20538b0639d16d317eb336277eb7b96fa31866aae67631394fc8d8fbbded9c68113f

Download Submit
memory/2392-6-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2392-2-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2392-4-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download
memory/2392-10-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2392-11-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2392-0-0x0000000001FF0000-0x0000000002024000-memory.dmp

Filesize
208KB

Download
memory/2392-1-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmp

Filesize
9.9MB

Download
memory/2392-5-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download
memory/2392-3-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2392-115-0x000007FEF5530000-0x000007FEF5F1C000-memory.dmp

Filesize
9.9MB

Download
memory/2392-116-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2392-145-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download
memory/2392-144-0x0000000002020000-0x000000000202A000-memory.dmp

Filesize
40KB

Download
memory/2392-146-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download