Analysis

  • max time kernel
    6s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-01-2024 20:43

General

  • Target

    3dd70c1a25aadcd716584f06b99e0816.exe

  • Size

    56KB

  • MD5

    3dd70c1a25aadcd716584f06b99e0816

  • SHA1

    d3ed24396ca46be81163a519347d15abec4fde3d

  • SHA256

    bc347bbdb40ad2db62197b179b4b97ee43550d5da9256e36885b655576b9fc16

  • SHA512

    00f9e208e582fa2c92cbfade2803baa1758752445d9f43e75651ca6fdabfcd180f118b5f2a407ecd55921bfd5d503a14233e86070bc37baa39433337d177b396

  • SSDEEP

    1536:/p/kAjBt7aq80Us+NJX/yoOphTNgm/gIJt:B/9taxjX/3OpxNdt

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    PID:612
  • C:\Users\Admin\AppData\Local\Temp\3dd70c1a25aadcd716584f06b99e0816.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd70c1a25aadcd716584f06b99e0816.exe"
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2300

Network

MITRE ATT&CK Enterprise v15

Downloads
