Overview

overview

10

Static

static

3

481f90a153...09.exe

windows7-x64

3

481f90a153...09.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    163s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2024 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    481f90a1533223b37513642e6d63bb09.exe

  • Size

    76KB

  • MD5

    481f90a1533223b37513642e6d63bb09

  • SHA1

    19cf88c6c792515d02ee0723f5feb7d0e8e9cb55

  • SHA256

    22a83e6d0442a59aa497e6438a3bb2c6f8232284cfb7ff0cc8897c90eadb5931

  • SHA512

    482101830f63152183e3e5a9ed4c257d7963fcd031552ea04b158e694f9640b779cbae806220e2e3a81442efe93fc71721db6b8799ff1dc43c31a2f22312225f

  • SSDEEP

    1536:abQp1sBvlV0euusG80GS4KshictqhX7xMaB5z4YwB28UwnAScJWS:a8pOlV0BvG8tS4NictqxP4X24A7T

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:628
    • C:\Users\Admin\AppData\Local\Temp\481f90a1533223b37513642e6d63bb09.exe
      "C:\Users\Admin\AppData\Local\Temp\481f90a1533223b37513642e6d63bb09.exe"
      1⤵
      • Modifies WinLogon for persistence
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3180

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Winlogon Helper DLL

    1
    T1547.004

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Winlogon Helper DLL

    1
    T1547.004

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/628-11-0x0000000000400000-0x0000000000417000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-16-0x0000000023090000-0x00000000230A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-21-0x00000000230B0000-0x00000000230C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-26-0x00000000230D0000-0x00000000230E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-31-0x00000000230F0000-0x0000000023107000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-36-0x0000000023110000-0x0000000023127000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-41-0x0000000023130000-0x0000000023147000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-46-0x0000000023150000-0x0000000023167000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-51-0x0000000023170000-0x0000000023187000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-56-0x0000000023190000-0x00000000231A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-61-0x00000000231B0000-0x00000000231C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-66-0x00000000231D0000-0x00000000231E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-71-0x00000000231F0000-0x0000000023207000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-76-0x0000000023210000-0x0000000023227000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-81-0x0000000023230000-0x0000000023247000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-86-0x0000000023250000-0x0000000023267000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-91-0x0000000023270000-0x0000000023287000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-96-0x0000000023290000-0x00000000232A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-101-0x00000000232B0000-0x00000000232C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-106-0x00000000232D0000-0x00000000232E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-111-0x00000000232F0000-0x0000000023307000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-116-0x0000000023310000-0x0000000023327000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-121-0x0000000023330000-0x0000000023347000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-126-0x0000000023350000-0x0000000023367000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-131-0x0000000023370000-0x0000000023387000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-136-0x0000000023390000-0x00000000233A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-141-0x00000000233B0000-0x00000000233C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-146-0x00000000233D0000-0x00000000233E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-151-0x00000000233F0000-0x0000000023407000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-156-0x0000000023410000-0x0000000023427000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-161-0x0000000023430000-0x0000000023447000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-166-0x0000000023450000-0x0000000023467000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-171-0x0000000023470000-0x0000000023487000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-176-0x0000000023490000-0x00000000234A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-181-0x00000000234B0000-0x00000000234C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-186-0x00000000234D0000-0x00000000234E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-191-0x00000000234F0000-0x0000000023507000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-196-0x0000000023510000-0x0000000023527000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-201-0x0000000023530000-0x0000000023547000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-206-0x0000000023550000-0x0000000023567000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-211-0x0000000023570000-0x0000000023587000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-216-0x0000000023590000-0x00000000235A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-221-0x00000000235B0000-0x00000000235C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-226-0x00000000235D0000-0x00000000235E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-231-0x00000000235F0000-0x0000000023607000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-236-0x0000000023610000-0x0000000023627000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-241-0x0000000023630000-0x0000000023647000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-246-0x0000000023650000-0x0000000023667000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-251-0x0000000023670000-0x0000000023687000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-256-0x0000000023690000-0x00000000236A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-261-0x00000000236B0000-0x00000000236C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-266-0x00000000236D0000-0x00000000236E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-271-0x00000000236F0000-0x0000000023707000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-276-0x0000000023710000-0x0000000023727000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-281-0x0000000023730000-0x0000000023747000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-286-0x0000000023750000-0x0000000023767000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-291-0x0000000023770000-0x0000000023787000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-296-0x0000000023790000-0x00000000237A7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-301-0x00000000237B0000-0x00000000237C7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-306-0x00000000237D0000-0x00000000237E7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-311-0x00000000237F0000-0x0000000023807000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-316-0x0000000023810000-0x0000000023827000-memory.dmp
      Filesize

      92KB

      Download
    • memory/628-321-0x0000000023830000-0x0000000023847000-memory.dmp
      Filesize

      92KB

      Download
    • memory/3180-0-0x00000000006C0000-0x00000000006D2000-memory.dmp
      Filesize

      72KB

      Download
    • memory/3180-1-0x0000000000400000-0x0000000000417000-memory.dmp
      Filesize

      92KB

      Download
    • memory/3180-2-0x0000000000400000-0x0000000000417000-memory.dmp
      Filesize

      92KB

      Download