5cf996f0ada84c2b8d3c3749c8046a0328aa5708a5cf19ac73df822ee8a22661

Analysis

max time kernel
150s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 07:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4ad2f7f65fe1678d56b8aa5768323e91.exe
Size

211KB
MD5

4ad2f7f65fe1678d56b8aa5768323e91
SHA1

62073cdd5efebc468fd7edec605dd10537e0b7ab
SHA256

5cf996f0ada84c2b8d3c3749c8046a0328aa5708a5cf19ac73df822ee8a22661
SHA512

e8700f9933216613ce8dbd508cd4ac8e25c4409d45b7a787f446279ba35e819b84a3cad5c97bd17938aa4eba869e2cc71c282f956d14dec3fcb5cc2d97470947
SSDEEP

3072:B0Ve+47uxdijQhG8obrGYsyc3jhog78UathD5KhIYFGcOL+:BJPyxs9baYsyc377FK4IYFQS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe
2636	svchost.exe
2652	svchost.exe
2636	svchost.exe
2652	svchost.exe
2636	svchost.exe
2652	svchost.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe
2228	4ad2f7f65fe1678d56b8aa5768323e91.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2636	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	30
PID 2228 wrote to memory of 2636	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	30
PID 2228 wrote to memory of 2636	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	30
PID 2228 wrote to memory of 2636	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	30
PID 2228 wrote to memory of 2652	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	29
PID 2228 wrote to memory of 2652	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	29
PID 2228 wrote to memory of 2652	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	29
PID 2228 wrote to memory of 2652	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	29
PID 2228 wrote to memory of 2712	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	28
PID 2228 wrote to memory of 2712	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	28
PID 2228 wrote to memory of 2712	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	28
PID 2228 wrote to memory of 2712	2228	4ad2f7f65fe1678d56b8aa5768323e91.exe	28

C:\Users\Admin\AppData\Local\Temp\4ad2f7f65fe1678d56b8aa5768323e91.exe
"C:\Users\Admin\AppData\Local\Temp\4ad2f7f65fe1678d56b8aa5768323e91.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:2712
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:2652
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3821.tmp

Filesize
170KB

MD5
c5be42a23a6071c4b2edb6bbb41a6480

SHA1
accfc75c4ffbdce59c728db8eef9c5b1408cd88e

SHA256
22019e18ce24b194fcddb01ab1c80f0a318d4835fbbe5a86bef6c420288ad103

SHA512
4728e026486400dffcb085d11eb00b755a4e0e65b1fb091a4bde53bfd9ee92ffcfede0d60ca159bd8b3bc0b49a32d2597957c2c7346c41bcff2098b96973825c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3840.tmp

Filesize
240KB

MD5
fb6caed5e262cb253adb799de0cb8804

SHA1
410fde3bb2c3fd4435e783b2e72f66bc1e1279cc

SHA256
5e168e26753c267059ce5cf627f1daffa6b319bd84485539b004ca7264501621

SHA512
71b25b3fe8a826fe9698e924ebffae78d1c450fa490e61081799b044eb8f276240ce634e2d35607d703c1f63ff063321edd4507b9c76d3941e1a2045e64cd58d

Download Submit
\Users\Admin\AppData\Local\Temp\3553.tmp

Filesize
740KB

MD5
f6e8a532e9d76a3dca1c72fa7b42ddf9

SHA1
56ee547501ddb32ff0d57d54f644c21dff8750ce

SHA256
00db86d60fb5d7f1f066c4374bdb542694577a3fb776ddde6b08152d17b409e3

SHA512
bbc2fec507912908cf42a7cdea419a61ce63b239aeda9098b97391b50f92eef9977505f5cee5f74d3593677a178b4ce4035f8f69b0ec7d0285ca680c3d080a25

Download Submit
\Users\Admin\AppData\Local\Temp\35A2.tmp

Filesize
134KB

MD5
7257ccdb418b16605e0a51f9189c09b8

SHA1
70114ee4f86982ed868575f67ae7777898333fb7

SHA256
76d8c6185ee4761e7c6fab1d3f100fd5229a380077dff869faa60a44334b16e4

SHA512
cced65b7613bea04b9fac589592b2665a0eea3fbf0c376651d2d41458aee93feb5a4ed8a96d81e2e41fd5f1dc70edfaa1574c116206b5c3de71e89ad5edf65d6

Download Submit
\Users\Admin\AppData\Local\Temp\35D2.tmp

Filesize
51KB

MD5
c4b5592d6a52fbe9a804dadf11ae2f44

SHA1
7335b737ff271c3eee1776a14abe5401072c5919

SHA256
1bf887a3ed4433f09c4756546c3d7bf57cf90f32a6a1b6a61fad08fff0041611

SHA512
4b1b9041f0b12b5038537f3db97f99d88e0b805a90b440979ec5f40ea865977dc65391bf336cff1de236445bb18ecdf178552cbedbfec545cca520ac6a8754b9

Download Submit
\Users\Admin\AppData\Local\Temp\3811.tmp

Filesize
311KB

MD5
4ed315ed51a4a9a780a06baca37a79cd

SHA1
6dd2a58ac63a805f74deaa46bc9cf3a96eaf3629

SHA256
121931fcce92c3323f8949ed5afdb3ce883acdf50defd7d7b18bb110c7dd60c2

SHA512
dde754467f5585169e7809f405c45b6697b7b499f3c83bfff57b84df5162c13c0402b195611905109a0272a2bb253ec15872b32a15a428fa62219fd8c7469d7c

Download Submit
\Users\Admin\AppData\Local\Temp\3821.tmp

Filesize
262KB

MD5
d63ca53ac1c55822ded17718f57b5955

SHA1
61322d19392c0fdf8933c2423a8661af4171443c

SHA256
2a7c0a8ab1ee997b8ebcc333d8f9a19ebf5c9cbbd4c02bc855b67eeccf6e4982

SHA512
57be9133b4f5a73127ec0f1fe17d539f42dcc1c60f7a83ff1628c484f7ca272738810f175be5db3d98cac6b69929f7dcd49a7c360f524a8d8f7e8cd56b2bbfb7

Download Submit
\Users\Admin\AppData\Local\Temp\3840.tmp

Filesize
252KB

MD5
3fd3892bea86d38c6a39fd546a00ec49

SHA1
fa2fd932a4f6f7f81d9b29595eb81ae74ff945c0

SHA256
24f5e9ea4b7b4256fa85775a25e05d048eaac2344d68c9fcdd8af6498b8745ae

SHA512
d6029831fa0f03f6575e09bfbefed99db3bce253c22fbd5d4127c4b001b39bb0084a9669b43d582ba1dae85232819424b4fbfa15c199f4dfcc66a848431e05d6

Download Submit
\Users\Admin\AppData\Local\Temp\3860.tmp

Filesize
239KB

MD5
fd7050b78497f76252d94a9aa42a2793

SHA1
b5d713d5caacc7988fc387fa2a48c2eb615b7e48

SHA256
6f102496c82a3715721ba87d56150c57fdf1bad9111af8c675028a8ca0415632

SHA512
babc836762e39618fdf0b9efb561c18274bebf66c10a34af53e34ee1a43e835382020b7490b1b06fff100a8ad2ca841e8a95ecc28ca90918144ee4f4520ba3f1

Download Submit
\Users\Admin\AppData\Local\Temp\3870.tmp

Filesize
116KB

MD5
cd9c155e25646f5bb943ac6455bc19bd

SHA1
42fd47b77bdf8c5fde3520ea0891c3a00bd2117d

SHA256
3f8a2805d0951f84cc382f9d71e0da6780845b732039ea71289c56152a3de361

SHA512
58d71d471ea2419f1d9e7828d3aaa9c0d09571fc627ffcdcb27d4cc961b04c70d38b2f25da18411d34af0736461f3b5c15e184c64026f86d472737e146bdc278

Download Submit
\Users\Admin\AppData\Local\Temp\3880.tmp

Filesize
202KB

MD5
7ff15a4f092cd4a96055ba69f903e3e9

SHA1
a3d338a38c2b92f95129814973f59446668402a8

SHA256
1b594e6d057c632abb3a8cf838157369024bd6b9f515ca8e774b22fe71a11627

SHA512
4b015d011c14c7e10568c09bf81894681535efb7d76c3ef9071fffb3837f62b36e695187b2d32581a30f07e79971054e231a2ca4e8ad7f0f83d5876f8c086dae

Download Submit
memory/2228-56-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-32-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-62-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-64-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-66-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-70-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-72-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-68-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-17-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-36-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-35-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-22-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-11-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-85-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2228-1-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2228-18-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-19-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-77-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2228-75-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-74-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-63-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-61-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-60-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-59-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-58-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-0-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2228-55-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-54-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-53-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-52-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-51-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-50-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-49-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-48-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-47-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-46-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-45-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-44-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-43-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-42-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-41-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-40-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-39-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-37-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-34-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-33-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-57-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-31-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-30-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-29-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-28-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-27-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-26-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-25-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-24-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-21-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2228-20-0x0000000000310000-0x0000000000319000-memory.dmp

Filesize
36KB

Download
memory/2636-79-0x0000000000080000-0x00000000000BE000-memory.dmp

Filesize
248KB

Download
memory/2636-97-0x0000000000080000-0x00000000000BE000-memory.dmp

Filesize
248KB

Download
memory/2636-103-0x0000000000080000-0x00000000000BE000-memory.dmp

Filesize
248KB

Download
memory/2652-83-0x0000000000080000-0x00000000000BE000-memory.dmp

Filesize
248KB

Download
memory/2652-104-0x0000000000080000-0x00000000000BE000-memory.dmp

Filesize
248KB

Download