825bd0d23e932c6d888c3ef3b33aebd53b166441b94560774dffbcaa2a7502ef

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c038cf83ca3aec6f4a2c94954692919.exe
Size

272KB
MD5

4c038cf83ca3aec6f4a2c94954692919
SHA1

0ac026fe2e908057791b98e64a6adf7826b278a3
SHA256

825bd0d23e932c6d888c3ef3b33aebd53b166441b94560774dffbcaa2a7502ef
SHA512

d551cf769fe80b6a18a5a63e4b6ca1667513222cbd9b557eae6d37eed8aafb2907ef614d036c7dddddc8073796570260a42a7dbf36ce2812f717a55932aa5535
SSDEEP

6144:DUzN2DmaXkT3mOde4/sbt51O5VrmJ5fh9yrHU4:DU0Dw3vdeqsbt51SrOByr0

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2400	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
320	an.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ieapfltr.dat	4c038cf83ca3aec6f4a2c94954692919.exe
File created	C:\Windows\SysWOW64\an.exe	4c038cf83ca3aec6f4a2c94954692919.exe
File opened for modification	C:\Windows\SysWOW64\an.exe	4c038cf83ca3aec6f4a2c94954692919.exe
File opened for modification	C:\Windows\SysWOW64\ieapfltr.dat	an.exe
File opened for modification	C:\Windows\SysWOW64\an.exe	an.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	4c038cf83ca3aec6f4a2c94954692919.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	4c038cf83ca3aec6f4a2c94954692919.exe
Token: SeDebugPrivilege	320	an.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2400	2208	4c038cf83ca3aec6f4a2c94954692919.exe	29
PID 2208 wrote to memory of 2400	2208	4c038cf83ca3aec6f4a2c94954692919.exe	29
PID 2208 wrote to memory of 2400	2208	4c038cf83ca3aec6f4a2c94954692919.exe	29
PID 2208 wrote to memory of 2400	2208	4c038cf83ca3aec6f4a2c94954692919.exe	29
PID 2208 wrote to memory of 2400	2208	4c038cf83ca3aec6f4a2c94954692919.exe	29
PID 2208 wrote to memory of 2400	2208	4c038cf83ca3aec6f4a2c94954692919.exe	29
PID 2208 wrote to memory of 2400	2208	4c038cf83ca3aec6f4a2c94954692919.exe	29

C:\Users\Admin\AppData\Local\Temp\4c038cf83ca3aec6f4a2c94954692919.exe
"C:\Users\Admin\AppData\Local\Temp\4c038cf83ca3aec6f4a2c94954692919.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.bat
  2⤵
  - Deletes itself
  PID:2400

C:\Windows\SysWOW64\an.exe
C:\Windows\SysWOW64\an.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\an.exe

Filesize
270KB

MD5
5cdead72b9f0f4f27f6427680ebc5b62

SHA1
1056364881269f5ddd4b66ff4bd9acaa6787bd2f

SHA256
d639dabd07b50e1e15993e9c58f594bbd625c47a23b9f846928637bfaac759e6

SHA512
61b5ee0666647fbaf848cdc1ffc8d9278f692eb8d78590f9b330b7da0dc6a96ec84aeb8747ca1476e64bd0ecddc87194c3ecd1d386c6d152fd88ef42747cc015

Download Submit
C:\Windows\SysWOW64\an.exe

Filesize
272KB

MD5
4c038cf83ca3aec6f4a2c94954692919

SHA1
0ac026fe2e908057791b98e64a6adf7826b278a3

SHA256
825bd0d23e932c6d888c3ef3b33aebd53b166441b94560774dffbcaa2a7502ef

SHA512
d551cf769fe80b6a18a5a63e4b6ca1667513222cbd9b557eae6d37eed8aafb2907ef614d036c7dddddc8073796570260a42a7dbf36ce2812f717a55932aa5535

Download Submit
C:\Windows\uninstal.bat

Filesize
190B

MD5
82f26e6d412d36a5f9069932ac4fcf06

SHA1
e1a0b769c3df9d3cc8621730b695c66abf02996f

SHA256
534e25ae410cddb91251c0b7e1bedda6b1cbae361fc9d3ea580b30b9bee46d1d

SHA512
60f57bae2ef375da4cc062b211ed407469684b1a4fb3b470438feb128de49bb0788f190fcc458357a961f6bf4dac2868c59dc7fcfbe91f346e140b88ff3e6055

Download Submit
memory/320-11-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/320-9-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/320-10-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/320-12-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/320-13-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2208-6-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2208-3-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2208-7-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2208-0-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2208-1-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2208-2-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download