Overview

overview

8

Static

static

3

4132cbda66...32.exe

windows7-x64

8

4132cbda66...32.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 15:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4132cbda66975e8172291aa4d6c4b232.exe

  • Size

    672KB

  • MD5

    4132cbda66975e8172291aa4d6c4b232

  • SHA1

    f2484170990c6846d763d3a7743ee0d7d2e46754

  • SHA256

    ff5808ac4b050e10713e9132bd3961c369de9bc8791b827f65d143ffbaf119d5

  • SHA512

    36d70b773399ceb1a4d1e5f36ec49e74637813a1f9d0a06de96a875e535bb344cfdb8f8d3f2bbf0e885d546b7ce310caee61ba0d8e598c1eb2f93b9eb7fe970b

  • SSDEEP

    12288:QeBNUbTVO86UCHruRdp+WA00SKCpVRwfXXSVUhbxk9e/pJu:QJIUCNd0nKwYvX+UhbW9eM

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 6 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 62 IoCs
  • Drops file in Program Files directory 24 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\4132cbda66975e8172291aa4d6c4b232.exe
    "C:\Users\Admin\AppData\Local\Temp\4132cbda66975e8172291aa4d6c4b232.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2744
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:2544
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2160
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3952
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4304
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3520
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3836
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:896

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            613KB

            MD5

            9425392db6203b2d71320bcd7a334364

            SHA1

            fb1c6a3f10e08016dd1c805ab6cc3d2ef7703e4b

            SHA256

            75477e0f7c452ca869b4d6580e0714a91dbf748b82d3a8f452f80693281d5bb1

            SHA512

            0722c08e467b324f9c57862e0f1eee7ec3a461bcdfaa9637590268894625e9b2e11f36fadde99f5d6bb8b6ca7711d64fc32ff11e650b8ea05bce4f04db8f559a

            Download Submit

          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\egoleafl.tmp
            Filesize

            1.7MB

            MD5

            90d841bb7590a369215f3b7d77a8361c

            SHA1

            36f7d925ae563435e868f809a2ed9d128994e1c0

            SHA256

            77e038f4f1a1626905501eabf021d52b876956aaacaa3e4f64207e84024c5058

            SHA512

            2d06b3a8e3e8a036ee402b763f44d70d8f147bc0d4246c1ee046bea6b5d08b7270c5401dc4f369ec762eca08d981227be22e6f5149e997a85ebfb477ef48536b

            Download Submit

          • C:\Users\Admin\AppData\Local\okrkdekd\fjoenbhi.tmp
            Filesize

            678KB

            MD5

            780a6ec77dffc3ebf7c0689dee7d4ca6

            SHA1

            c1660e3daab254bfccb7c09d00e1b92e4dc633f5

            SHA256

            932941144f964b0e758243a803461b35ae0123da52abacdb06fdbdeab0ca740d

            SHA512

            fe9710e633afa2fa4418fc5ac5783f8476df12553be29966cdf15d433ea22d0d552233d8dfe91f99e6de3e4c1939cf8ba78cb0472363ec807c556b1d74120d67

            Download Submit

          • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
            Filesize

            487KB

            MD5

            d627dfb4878b72d753621f6a664c8489

            SHA1

            1f8e2749254bae4a3d81a3ddf0f6a5bbb74ddc09

            SHA256

            0a6c1b07198450424e65d021208a6c86b765f9c119239b37aa3c6cbb27f75405

            SHA512

            395f6f4155f2b57762f76fc20f5a4cf08dfacc5c535ac363c62e4a0e6aef24eb9ea1ba23cf051df79613b6c0a6822de9060f3783405b990340e1b146dace74f4

            Download Submit

          • C:\Windows\System32\FXSSVC.exe
            Filesize

            1.0MB

            MD5

            b64edd2477552bc667187b45ffca5fe9

            SHA1

            92ad7e15cae7d8970f12f05a4a49470446768771

            SHA256

            f9994eaa8a7a20f5c549e25fc8e3340e62dde215f527302e9f24550a604ef194

            SHA512

            849e4fce3cc82b7a78330ff861b8f9c947f994bacbc87619f9dcbe25e654c1c89b8a143cc208e2cf38c4f25c6158792d100c1d9c0e6a0a875fbb3f7c2100155b

            Download Submit

          • C:\Windows\System32\alg.exe
            Filesize

            489KB

            MD5

            085c168cdace2740aaf3d3f10d954b49

            SHA1

            0c9787d4f4dcc496bf97b44af31a346bc4da7468

            SHA256

            17793411dd0a5040619727835de72e638be72fcf3e765eab965080f89b36b5bc

            SHA512

            d78ca9e4e0fbe418cb8a7f3a03c571944cf82c08d7aece7da474f6f4c00032270f3820685581cabb5bcdf0a1c18cf6caf55fc7d98ed5d0d08374952e6e500b76

            Download Submit

          • C:\Windows\System32\msdtc.exe
            Filesize

            540KB

            MD5

            444d9e6ca21310a1e00273cd25c16010

            SHA1

            3ee49d922276750f7da0e78edfd65d84b98a449e

            SHA256

            4126cb8fc7e7971d6256b667c63afb2469de39b6c6fdfe292f34ff22c661008d

            SHA512

            3d29fd293ae1782190393952c4cdaa69e23460c5eac4ae069d10264d288e88f0dbcb6a316c1dfd0c44fb4823788d2dcfbb2d739fb671f2ed9735506c6447f422

            Download Submit

          • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
            Filesize

            637KB

            MD5

            b3a2a57ca160a7da097a73e38ec3dcb4

            SHA1

            0352eef04fe4774d9617a36de2da9bfb1b2cfe2c

            SHA256

            3da196b84d77a8486fbde96766e08853c3a427d15953b9dc52f34099ff632469

            SHA512

            9425a6e4d4d7b9ef63e9589ae9e2aeec372254e542c099e97ef11b4a07adeebabedc57fc040c7e837db329422de3616705c294ae5d1ec198975178284d0d377b

            Download Submit

          • \??\c:\program files\google\chrome\Application\106.0.5249.119\elevation_service.exe
            Filesize

            2.0MB

            MD5

            c5d0311bd2e4e95975d9897c481cbd16

            SHA1

            67b59d2ae65dd3821365a10fca7787f971514f7a

            SHA256

            878c4919edebf30b9e1f7be587c5f949bd31c5487395d9df04b031a58896ff4b

            SHA512

            e9e7c572fa320e9f2c2d464b464cb314fedd7c802d0a9280ab6f4136682640e7ddd10fd33391f202e52a756f65610c943faab1af11ef29e50e55a25ef92758ae

            Download Submit

          • \??\c:\windows\system32\Appvclient.exe
            Filesize

            641KB

            MD5

            8895430c94d423774f939d8d16ca5cc7

            SHA1

            cba3bbb51b96af6275cdee3efb0c51b5e2d2d657

            SHA256

            48084a614e97c54eadd522c6e2cbef06ec67c6c371c533b44150bc6b7f003120

            SHA512

            d292ce745a141cb4d760fbbaaff3885f88baa61c258dffd5ce15fcd24234c622ddbbc342eae97ae422a4c3a323b0095097eeeff439d9c3b828e128927072ed5c

            Download Submit

          • memory/896-77-0x00007FF799930000-0x00007FF799A12000-memory.dmp

            Filesize

            904KB

            Download

          • memory/896-109-0x00007FF799930000-0x00007FF799A12000-memory.dmp

            Filesize

            904KB

            Download

          • memory/2160-32-0x00007FF6477D0000-0x00007FF6478A2000-memory.dmp

            Filesize

            840KB

            Download

          • memory/2160-87-0x00007FF6477D0000-0x00007FF6478A2000-memory.dmp

            Filesize

            840KB

            Download

          • memory/2544-24-0x00007FF7825C0000-0x00007FF782693000-memory.dmp

            Filesize

            844KB

            Download

          • memory/2544-76-0x00007FF7825C0000-0x00007FF782693000-memory.dmp

            Filesize

            844KB

            Download

          • memory/2544-18-0x00007FF7825C0000-0x00007FF782693000-memory.dmp

            Filesize

            844KB

            Download

          • memory/2744-0-0x00007FF732130000-0x00007FF732230000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/2744-17-0x00007FF732130000-0x00007FF732230000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/2744-2-0x00007FF732130000-0x00007FF732230000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/3520-50-0x00007FF7848E0000-0x00007FF784B41000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/3520-93-0x00007FF7848E0000-0x00007FF784B41000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/3836-62-0x00007FF73CC10000-0x00007FF73CD04000-memory.dmp

            Filesize

            976KB

            Download

          • memory/3836-64-0x00007FF73CC10000-0x00007FF73CD04000-memory.dmp

            Filesize

            976KB

            Download

          • memory/4304-48-0x00007FF7D9F60000-0x00007FF7DA0BF000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/4304-40-0x00007FF7D9F60000-0x00007FF7DA0BF000-memory.dmp

            Filesize

            1.4MB

            Download