33df3c9644961a47680d842248dad9e2aedbe9e7344c5499ffe56dd688ebbb9f

Analysis

max time kernel
161s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bf04e6b1c367f4beebeddf4c91a923e.exe
Size

537KB
MD5

4bf04e6b1c367f4beebeddf4c91a923e
SHA1

a95b05d787a1627849fee3bbf03ccdbef98260d8
SHA256

33df3c9644961a47680d842248dad9e2aedbe9e7344c5499ffe56dd688ebbb9f
SHA512

c58218088fbe2a85619a23649e9594f23d3d4d85f2cc961d07b8ef59b1fe7d1fcad8f9dd8364b35e0a4e40cf34d4f8c6155bfde24f038d5d1f121840bc1dc708
SSDEEP

12288:DbhRToCzj8Q0L0yVXZKPGFbtmUrHjOYNlY38S/A+3S:DbnTbnyVJKcZZHjTNOXA6S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2404	360safe.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\UNINSTAL.BAT	4bf04e6b1c367f4beebeddf4c91a923e.exe
File created	C:\Windows\360safe.exe	4bf04e6b1c367f4beebeddf4c91a923e.exe
File opened for modification	C:\Windows\360safe.exe	4bf04e6b1c367f4beebeddf4c91a923e.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3108	4bf04e6b1c367f4beebeddf4c91a923e.exe
Token: SeDebugPrivilege	2404	360safe.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2404	360safe.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1320	2404	360safe.exe	94
PID 2404 wrote to memory of 1320	2404	360safe.exe	94
PID 3108 wrote to memory of 460	3108	4bf04e6b1c367f4beebeddf4c91a923e.exe	97
PID 3108 wrote to memory of 460	3108	4bf04e6b1c367f4beebeddf4c91a923e.exe	97
PID 3108 wrote to memory of 460	3108	4bf04e6b1c367f4beebeddf4c91a923e.exe	97

C:\Users\Admin\AppData\Local\Temp\4bf04e6b1c367f4beebeddf4c91a923e.exe
"C:\Users\Admin\AppData\Local\Temp\4bf04e6b1c367f4beebeddf4c91a923e.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\UNINSTAL.BAT
  2⤵
  PID:460

C:\Windows\360safe.exe
C:\Windows\360safe.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 3108 -ip 3108
1⤵
PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\360safe.exe

Filesize
537KB

MD5
4bf04e6b1c367f4beebeddf4c91a923e

SHA1
a95b05d787a1627849fee3bbf03ccdbef98260d8

SHA256
33df3c9644961a47680d842248dad9e2aedbe9e7344c5499ffe56dd688ebbb9f

SHA512
c58218088fbe2a85619a23649e9594f23d3d4d85f2cc961d07b8ef59b1fe7d1fcad8f9dd8364b35e0a4e40cf34d4f8c6155bfde24f038d5d1f121840bc1dc708

Download Submit
C:\Windows\UNINSTAL.BAT

Filesize
186B

MD5
7e0f9d10bfe62f20ababca814960313a

SHA1
e5635136c2468c8ae8d40f52f342bc7e2cbde2e9

SHA256
c02aff02cbdfb4a35ec29d7ab38a2672f7220f0ac6a722df32d429bdb7577a65

SHA512
7768d0a2a824d1ad3c8ec8d4ebd85dea650d56c35b19b046e8d7ee5ebacf05099224817cb846f4f38b0cde91d4512a377b9e4c74cf0a34aa45bdf51ad8a1ca37

Download Submit
memory/3108-0-0x0000000000400000-0x00000000005A2000-memory.dmp

Filesize
1.6MB

Download
memory/3108-1-0x0000000000400000-0x00000000005A2000-memory.dmp

Filesize
1.6MB

Download
memory/3108-2-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/3108-3-0x0000000002370000-0x00000000023BB000-memory.dmp

Filesize
300KB

Download
memory/3108-4-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/3108-5-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/3108-6-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/3108-7-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/3108-8-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/3108-9-0x0000000002B30000-0x0000000002B33000-memory.dmp

Filesize
12KB

Download
memory/3108-10-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/3108-12-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/3108-11-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/3108-13-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/3108-14-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/3108-15-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/3108-16-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/3108-17-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/3108-18-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/3108-19-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/3108-20-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/3108-21-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/3108-22-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3108-23-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/3108-24-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3108-25-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3108-26-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/3108-27-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/3108-28-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/3108-29-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/3108-30-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/3108-31-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/3108-32-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/3108-33-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/3108-34-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/3108-35-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/3108-37-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/3108-36-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/3108-38-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/3108-39-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/3108-41-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3108-40-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3108-42-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/3108-43-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/3108-45-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/3108-44-0x0000000002F30000-0x0000000002F31000-memory.dmp

Filesize
4KB

Download
memory/3108-47-0x0000000002F50000-0x0000000002F51000-memory.dmp

Filesize
4KB

Download
memory/3108-46-0x0000000002F60000-0x0000000002F61000-memory.dmp

Filesize
4KB

Download
memory/3108-48-0x0000000002F40000-0x0000000002F41000-memory.dmp

Filesize
4KB

Download
memory/3108-49-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/3108-50-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/3108-51-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

Filesize
4KB

Download
memory/3108-52-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

Filesize
4KB

Download
memory/3108-53-0x0000000002FD0000-0x0000000002FD1000-memory.dmp

Filesize
4KB

Download
memory/3108-54-0x0000000002FC0000-0x0000000002FC1000-memory.dmp

Filesize
4KB

Download
memory/3108-55-0x0000000002FF0000-0x0000000002FF1000-memory.dmp

Filesize
4KB

Download
memory/3108-56-0x0000000002FE0000-0x0000000002FE1000-memory.dmp

Filesize
4KB

Download
memory/3108-58-0x0000000003000000-0x0000000003001000-memory.dmp

Filesize
4KB

Download
memory/3108-57-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/3108-59-0x0000000003030000-0x0000000003031000-memory.dmp

Filesize
4KB

Download
memory/3108-60-0x0000000003020000-0x0000000003021000-memory.dmp

Filesize
4KB

Download
memory/3108-61-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/3108-62-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/3108-63-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download