43d0cd2a2ebaf029a98545e0cd3b0013ae7564fe9e0e19b378e67c8b0737d29e

Resubmissions

07/01/2024, 22:13

240107-15e25afcbr 3

05/01/2024, 08:43

240105-km1ywagebq 3

Analysis

max time kernel
1s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vacuum (2) (2).exe
Size

6.0MB
MD5

dc112d6f1dffbd1f1049413a493c41b3
SHA1

3022f9f85d85735b000af193ae766b2576eee537
SHA256

43d0cd2a2ebaf029a98545e0cd3b0013ae7564fe9e0e19b378e67c8b0737d29e
SHA512

e47145277c4731a2ba513b699b2e1a380b7a3733658c2d7719d53a287f4a60f13a66dc8d14688282343dfbe7501d4d81ff71fdceadf012135de0ad5948fc3472
SSDEEP

98304:Yg09C7lJw/kngbjkEksToRep9fTqGAakUNP3e7NpGmtCgGig/XG+AhAXNhFg9e:MY7okn0rxqhak83MPfRQG+3Fgs

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2148	WMIC.exe
Token: SeSecurityPrivilege	2148	WMIC.exe
Token: SeTakeOwnershipPrivilege	2148	WMIC.exe
Token: SeLoadDriverPrivilege	2148	WMIC.exe
Token: SeSystemProfilePrivilege	2148	WMIC.exe
Token: SeSystemtimePrivilege	2148	WMIC.exe
Token: SeProfSingleProcessPrivilege	2148	WMIC.exe
Token: SeIncBasePriorityPrivilege	2148	WMIC.exe
Token: SeCreatePagefilePrivilege	2148	WMIC.exe
Token: SeBackupPrivilege	2148	WMIC.exe
Token: SeRestorePrivilege	2148	WMIC.exe
Token: SeShutdownPrivilege	2148	WMIC.exe
Token: SeDebugPrivilege	2148	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2148	WMIC.exe
Token: SeRemoteShutdownPrivilege	2148	WMIC.exe
Token: SeUndockPrivilege	2148	WMIC.exe
Token: SeManageVolumePrivilege	2148	WMIC.exe
Token: 33	2148	WMIC.exe
Token: 34	2148	WMIC.exe
Token: 35	2148	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2148	WMIC.exe
Token: SeSecurityPrivilege	2148	WMIC.exe
Token: SeTakeOwnershipPrivilege	2148	WMIC.exe
Token: SeLoadDriverPrivilege	2148	WMIC.exe
Token: SeSystemProfilePrivilege	2148	WMIC.exe
Token: SeSystemtimePrivilege	2148	WMIC.exe
Token: SeProfSingleProcessPrivilege	2148	WMIC.exe
Token: SeIncBasePriorityPrivilege	2148	WMIC.exe
Token: SeCreatePagefilePrivilege	2148	WMIC.exe
Token: SeBackupPrivilege	2148	WMIC.exe
Token: SeRestorePrivilege	2148	WMIC.exe
Token: SeShutdownPrivilege	2148	WMIC.exe
Token: SeDebugPrivilege	2148	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2148	WMIC.exe
Token: SeRemoteShutdownPrivilege	2148	WMIC.exe
Token: SeUndockPrivilege	2148	WMIC.exe
Token: SeManageVolumePrivilege	2148	WMIC.exe
Token: 33	2148	WMIC.exe
Token: 34	2148	WMIC.exe
Token: 35	2148	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2980	WMIC.exe
Token: SeSecurityPrivilege	2980	WMIC.exe
Token: SeTakeOwnershipPrivilege	2980	WMIC.exe
Token: SeLoadDriverPrivilege	2980	WMIC.exe
Token: SeSystemProfilePrivilege	2980	WMIC.exe
Token: SeSystemtimePrivilege	2980	WMIC.exe
Token: SeProfSingleProcessPrivilege	2980	WMIC.exe
Token: SeIncBasePriorityPrivilege	2980	WMIC.exe
Token: SeCreatePagefilePrivilege	2980	WMIC.exe
Token: SeBackupPrivilege	2980	WMIC.exe
Token: SeRestorePrivilege	2980	WMIC.exe
Token: SeShutdownPrivilege	2980	WMIC.exe
Token: SeDebugPrivilege	2980	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2980	WMIC.exe
Token: SeRemoteShutdownPrivilege	2980	WMIC.exe
Token: SeUndockPrivilege	2980	WMIC.exe
Token: SeManageVolumePrivilege	2980	WMIC.exe
Token: 33	2980	WMIC.exe
Token: 34	2980	WMIC.exe
Token: 35	2980	WMIC.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2752	2184	Vacuum (2) (2).exe	37
PID 2184 wrote to memory of 2752	2184	Vacuum (2) (2).exe	37
PID 2184 wrote to memory of 2752	2184	Vacuum (2) (2).exe	37
PID 2752 wrote to memory of 2148	2752	cmd.exe	25
PID 2752 wrote to memory of 2148	2752	cmd.exe	25
PID 2752 wrote to memory of 2148	2752	cmd.exe	25
PID 2184 wrote to memory of 2984	2184	Vacuum (2) (2).exe	35
PID 2184 wrote to memory of 2984	2184	Vacuum (2) (2).exe	35
PID 2184 wrote to memory of 2984	2184	Vacuum (2) (2).exe	35
PID 2984 wrote to memory of 2980	2984	cmd.exe	27
PID 2984 wrote to memory of 2980	2984	cmd.exe	27
PID 2984 wrote to memory of 2980	2984	cmd.exe	27

C:\Users\Admin\AppData\Local\Temp\Vacuum (2) (2).exe
"C:\Users\Admin\AppData\Local\Temp\Vacuum (2) (2).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic baseboard get serialnumber
  2⤵
  PID:2776
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic logicaldisk get volumeserialnumber
  2⤵
  PID:2644
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic CPU get Architecture
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2984
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic path Win32_videocontroller get PNPDeviceID
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2752
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic baseboard get serialnumber
  2⤵
  PID:2284
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic logicaldisk get volumeserialnumber
  2⤵
  PID:2944
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic CPU get Architecture
  2⤵
  PID:1852
- C:\Windows\system32\cmd.exe
  "cmd.exe" /C wmic path Win32_videocontroller get PNPDeviceID
  2⤵
  PID:3060

C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_videocontroller get PNPDeviceID
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2148

C:\Windows\System32\Wbem\WMIC.exe
wmic CPU get Architecture
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2980

C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get volumeserialnumber
1⤵
PID:2712

C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
1⤵
PID:1016

C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_videocontroller get PNPDeviceID
1⤵
PID:1328

C:\Windows\System32\Wbem\WMIC.exe
wmic CPU get Architecture
1⤵
PID:2788

C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get volumeserialnumber
1⤵
PID:2964

C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
1⤵
PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-1-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download
memory/2184-0-0x000000013F6E0000-0x000000013FCE0000-memory.dmp

Filesize
6.0MB

Download
memory/2184-2-0x0000000000780000-0x0000000000854000-memory.dmp

Filesize
848KB

Download
memory/2184-3-0x000000001AE90000-0x000000001AF10000-memory.dmp

Filesize
512KB

Download
memory/2184-5-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2184-7-0x0000000002380000-0x00000000023A8000-memory.dmp

Filesize
160KB

Download
memory/2184-6-0x000000001AE90000-0x000000001AF10000-memory.dmp

Filesize
512KB

Download
memory/2184-4-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2184-8-0x000000001AE90000-0x000000001AF10000-memory.dmp

Filesize
512KB

Download
memory/2184-9-0x000000001AE80000-0x000000001AE81000-memory.dmp

Filesize
4KB

Download
memory/2184-10-0x000000001B610000-0x000000001B6C2000-memory.dmp

Filesize
712KB

Download
memory/2184-11-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

Filesize
9.9MB

Download
memory/2184-12-0x000000001AE90000-0x000000001AF10000-memory.dmp

Filesize
512KB

Download
memory/2184-14-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2184-13-0x00000000021E0000-0x00000000021EA000-memory.dmp

Filesize
40KB

Download
memory/2184-15-0x000000001AE90000-0x000000001AF10000-memory.dmp

Filesize
512KB

Download
memory/2184-16-0x000000001AE90000-0x000000001AF10000-memory.dmp

Filesize
512KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads