Overview

overview

10

Static

static

3

40845af209...70.exe

windows7-x64

10

40845af209...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    168s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 09:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40845af209146e842628fb982a011070.exe

  • Size

    329KB

  • MD5

    40845af209146e842628fb982a011070

  • SHA1

    9692260985a6442bcb436194433a4293171061d0

  • SHA256

    2f3fca97ceba84f937f46b57d8ffed8592c5039f90aded049368fcb70056ed3b

  • SHA512

    8064cef74ca4863da564b9220d2f8b5a28f6a62997eceba6b8d66f14eeef527328bfae479414aa705a4884749092cd5d5b4f9907df9c6761cddc07dc898eaf3d

  • SSDEEP

    6144:x/UV6moBtLsDTqGouRhYEYQWZLXBkJ9kNmJUkv6kzX08a:BC6Bh4RhArby00JLv6P8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    PID:3480
    • C:\Users\Admin\AppData\Local\Temp\40845af209146e842628fb982a011070.exe
      "C:\Users\Admin\AppData\Local\Temp\40845af209146e842628fb982a011070.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1852
      • C:\Users\Admin\AppData\Local\017d07ce\X
        193.105.154.210:80
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:696
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
        • Deletes itself
        PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\017d07ce\X
    Filesize

    41KB

    MD5

    686b479b0ee164cf1744a8be359ebb7d

    SHA1

    8615e8f967276a85110b198d575982a958581a07

    SHA256

    fcfbb4c648649f4825b66504b261f912227ba32cbaabcadf4689020a83fb201b

    SHA512

    7ed8022e2b09f232150b77fc3a25269365b624f19f0b50c46a4fdf744eeb23294c09c051452c4c9dbb34a274f1a0bfc54b3ff1987ec16ae2e54848e22a97ed64

    Download Submit

  • memory/1852-1-0x0000000000400000-0x0000000000462414-memory.dmp

    Filesize

    393KB

    Download

  • memory/1852-2-0x0000000000920000-0x0000000000A20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1852-3-0x0000000000400000-0x0000000000462414-memory.dmp

    Filesize

    393KB

    Download

  • memory/1852-9-0x0000000000400000-0x0000000000462414-memory.dmp

    Filesize

    393KB

    Download

  • memory/1852-11-0x0000000000920000-0x0000000000A20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1852-13-0x0000000000400000-0x0000000000462414-memory.dmp

    Filesize

    393KB

    Download

  • memory/3480-14-0x0000000001490000-0x0000000001498000-memory.dmp

    Filesize

    32KB

    Download