cc93bc8c45a9c5c600b7b57c669e4568e291d79ac3d6e5620f5e7542737e8331

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

498bb93a45e57ad3481a0861000b0460.exe
Size

1.7MB
MD5

498bb93a45e57ad3481a0861000b0460
SHA1

c28a4f1219e420f8dcdb3366abaf1c97b263b49a
SHA256

cc93bc8c45a9c5c600b7b57c669e4568e291d79ac3d6e5620f5e7542737e8331
SHA512

d54c3a7f3e4c6c43bbb624186724e7e3437dae432090d8c2aa15ed43e3f938306c1ba98150296d2ec1bfc421fffdbb963349948a3003eaa3c8ce839df925da97
SSDEEP

24576:k4xdp972fBKEvinez5DjnsZU4ubTyGMPE67HmAfJ5k6bqCVbgkt1G4TgUB/twC4w:k4OsENtjZgAgqCh75tKD

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2876	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	498bb93a45e57ad3481a0861000b0460.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2876	AcroRd32.exe
2876	AcroRd32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2684	2180	498bb93a45e57ad3481a0861000b0460.exe	28
PID 2180 wrote to memory of 2684	2180	498bb93a45e57ad3481a0861000b0460.exe	28
PID 2180 wrote to memory of 2684	2180	498bb93a45e57ad3481a0861000b0460.exe	28
PID 2180 wrote to memory of 2684	2180	498bb93a45e57ad3481a0861000b0460.exe	28
PID 2180 wrote to memory of 2684	2180	498bb93a45e57ad3481a0861000b0460.exe	28
PID 2180 wrote to memory of 2684	2180	498bb93a45e57ad3481a0861000b0460.exe	28
PID 2180 wrote to memory of 2684	2180	498bb93a45e57ad3481a0861000b0460.exe	28
PID 2684 wrote to memory of 2876	2684	rundll32.exe	29
PID 2684 wrote to memory of 2876	2684	rundll32.exe	29
PID 2684 wrote to memory of 2876	2684	rundll32.exe	29
PID 2684 wrote to memory of 2876	2684	rundll32.exe	29

C:\Users\Admin\AppData\Local\Temp\498bb93a45e57ad3481a0861000b0460.exe
"C:\Users\Admin\AppData\Local\Temp\498bb93a45e57ad3481a0861000b0460.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Scvhost
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Scvhost"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Scvhost

Filesize
160KB

MD5
aa502eeaa67900b65298deaaf2f89176

SHA1
d79e514be10ba3b4a400dcfbedf8fd8438fa75bc

SHA256
dde6bd514f18c3a0097e03ec99222b1f697bfbe03a5c922f1dbf1748c044d619

SHA512
f94a3dd002f68b8e44694b99119e08ca5bd1f5f3a98cbf7f2d47aa4c788655b663e92ee7a50126f683f4a1c5e4c8ceee5bf68b249ce597349bce60aa2dc60721

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
bcf16bb1ff7e1776c558a5ec79f8838d

SHA1
9f56d3e634374b60d6d1e00a2f18f20de8a223e5

SHA256
043f0143a5b729222501704930267572105fa814bce18e082df74412f71f48b7

SHA512
6b6735691aee8071e9525a1618b372a25c6aac24ce45b420f77a2e1d576fcd6b1f12ca9a9a5050cba9d679453b1d8e6897c89cd8a18205c6eb2f281ebd5676a9

Download Submit
memory/2180-67-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-1-0x0000000073E40000-0x00000000743EB000-memory.dmp

Filesize
5.7MB

Download
memory/2180-9-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-61-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-21-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-27-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-35-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-41-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-39-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-43-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-49-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-55-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-59-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-57-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-63-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-69-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-0-0x0000000073E40000-0x00000000743EB000-memory.dmp

Filesize
5.7MB

Download
memory/2180-65-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-17-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-6-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-47-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-51-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-45-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-37-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-33-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-31-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-29-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-25-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-23-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-19-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-15-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-13-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-11-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-7-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-432-0x0000000073E40000-0x00000000743EB000-memory.dmp

Filesize
5.7MB

Download
memory/2180-53-0x0000000004FF0000-0x000000000510F000-memory.dmp

Filesize
1.1MB

Download
memory/2180-2-0x0000000000930000-0x0000000000970000-memory.dmp

Filesize
256KB

Download