Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 07-01-2024 03:29
Static task: static1
Behavioral task: behavioral1
  Sample: 47e8bc16b73e0b596bbbc46351286b00.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 47e8bc16b73e0b596bbbc46351286b00.exe
  Resource: win10v2004-20231215-en
General
- Target: 47e8bc16b73e0b596bbbc46351286b00.exe
- Size: 268KB
- MD5: 47e8bc16b73e0b596bbbc46351286b00
- SHA1: e546f4ccc47dceb9e00a063cfd0d61726fbcabe5
- SHA256: 5d969d5f7d5959816f37a84675bd500a2a1a62ecba2a025821ddc19f31d838ba
- SHA512: 696d8969e30a3563c2f09e381ca037d4dad70da711bd48f64e1d2cd60c8c5718aad62602c6faf555515a3d1982ed0241aa707296f80240d9ef4e7a75aed01d1a
- SSDEEP: 6144:wpS0Vsr3BKqhofhGjgwFrVVkyZ5X0oCUKFJSl/lD:csr3BKqhofcRFrJ5lKFJc/lD
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid | Process
  2724 | cmd.exe
- Drops file in Windows directory (4 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\1.1 | 47e8bc16b73e0b596bbbc46351286b00.exe
  File opened for modification | C:\Windows\k.k | 47e8bc16b73e0b596bbbc46351286b00.exe
  File opened for modification | C:\Windows\26111.exe | 47e8bc16b73e0b596bbbc46351286b00.exe
  File created | C:\Windows\killme.bat | 47e8bc16b73e0b596bbbc46351286b00.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs; all 64 entries are identical)
  pid | Process
  2196 | 47e8bc16b73e0b596bbbc46351286b00.exe
- Suspicious use of AdjustPrivilegeToken (4 IoCs; all 4 entries are identical)
  description | pid | Process
  Token: SeSystemtimePrivilege | 2196 | 47e8bc16b73e0b596bbbc46351286b00.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | Process
  2196 | 47e8bc16b73e0b596bbbc46351286b00.exe
- Suspicious use of WriteProcessMemory (4 IoCs; all 4 entries are identical)
  description | pid | Process | procid_target
  PID 2196 wrote to memory of 2724 | 2196 | 47e8bc16b73e0b596bbbc46351286b00.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\47e8bc16b73e0b596bbbc46351286b00.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\47e8bc16b73e0b596bbbc46351286b00.exe"
  PID: 2196
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (depth 2)
    Command line: cmd /c C:\Windows\killme.bat
    PID: 2724
    - Deletes itself
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 154B
  MD5: ab70f0a721988dee5120554590c0c0a2
  SHA1: 796144e402c1a8d00af0b1034dbd0d5a89349769
  SHA256: 4abc3ddb7b8ab2f8bda5ecceafb3902ed93da0e50e8e169eca5e8e483ccdf3fb
  SHA512: f3a949d43195acaef949d84790bd321a496d80c0bdccb84b601e1d732329fe0bb502e0f82bb901f760c933945c36892086f1cdfb8f879f5dd4e242e68e7ef64c