Overview

overview

10

Static

static

3

samples4.zip

windows7-x64

1

samples4.zip

windows10-2004-x64

1

0e60d49a96...01.exe

windows7-x64

0e60d49a96...01.exe

windows10-2004-x64

1ce5dd21fb...1e.exe

windows7-x64

10

1ce5dd21fb...1e.exe

windows10-2004-x64

10

3c73425d02...e6.exe

windows7-x64

6

3c73425d02...e6.exe

windows10-2004-x64

6

5df6314b5c...5b.exe

windows7-x64

10

5df6314b5c...5b.exe

windows10-2004-x64

10

5ee5166c02...93.exe

windows7-x64

10

5ee5166c02...93.exe

windows10-2004-x64

10

5f7cdd8c28...02.exe

windows7-x64

7

5f7cdd8c28...02.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 15:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc/3c73425d026a172779c8ffc5e338afbf6e6.exe

  • Size

    213KB

  • MD5

    045ffadc2fda21d2cd8e2fc37e9557c9

  • SHA1

    85fce2c0d66c852e9b7b326198da0cfb9f31fc54

  • SHA256

    3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc

  • SHA512

    7233efe7849edd61163d0656f1a732760f7b649f38b94cb7d8eef0e30450013d684a5b4241a1708d734c5a5ef6ce26d5cf1bdc3ccd6002d3edfc6a51e9698452

  • SSDEEP

    768:ZzCQUwJLKh1hn49V/KmhP1ypZr1hn49V/KmdP1ywZc:bA1hn4HmR1hn4HP+

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc\3c73425d026a172779c8ffc5e338afbf6e6.exe
    "C:\Users\Admin\AppData\Local\Temp\3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc\3c73425d026a172779c8ffc5e338afbf6e6.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/748-0-0x0000000074D40000-0x00000000754F0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/748-1-0x0000000000090000-0x00000000000CA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/748-2-0x00000000050D0000-0x0000000005674000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/748-3-0x0000000004B20000-0x0000000004BB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/748-4-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/748-5-0x0000000004AC0000-0x0000000004ACA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/748-99-0x0000000074D40000-0x00000000754F0000-memory.dmp

    Filesize

    7.7MB

    Download