Overview

overview

7

Static

static

3

4c81806e22...ad.exe

windows7-x64

7

4c81806e22...ad.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 01:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c81806e223c8b1ba210caf449c964ad.exe

  • Size

    315KB

  • MD5

    4c81806e223c8b1ba210caf449c964ad

  • SHA1

    4fc52505d433fe5f7926fd53d81da8fae7864add

  • SHA256

    77bc94ec6b1203ccd3dd46b344d8b95de8436e1a0d768d4c3c08e294c9b38a8f

  • SHA512

    e4b5ade0838a88c42043f860258bd2d24cd0bfdda45615246e12ccad95c683dfdc46ccd5b9cac1be268075cdeca6dd5369586a9b428307e031e464b57ea068db

  • SSDEEP

    6144:sPK1/SWKm+UuBuA5Xg/RzjK7Wgx1i4+pRwqImqQAz/6tzBLjAEVpH5CjKRRsVjCi:E3yI42XsVj01iB8YLpH4KRRs5C3S

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c81806e223c8b1ba210caf449c964ad.exe
    "C:\Users\Admin\AppData\Local\Temp\4c81806e223c8b1ba210caf449c964ad.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\Clsivl.bat
      "C:\Program Files\Common Files\Microsoft Shared\MSInfo\Clsivl.bat"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 276
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2668
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\Deleteme.bat
      2⤵
      • Deletes itself
      PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Deleteme.bat
    Filesize

    184B

    MD5

    983560ee5ed1a0e2bc095ecf6434e015

    SHA1

    af6376a54181fb971653f456c878316b9c8c5227

    SHA256

    5e06e3917e301d2f68bb2ffa016810d32c0618985320cc7ae9d2d9ef32e8936b

    SHA512

    7d038fa9295d36e7047caa7f23088c129e91fca44752aafb1222acd34db70de9782750cd153fb586529fccee16f2456c4201936ecaa70bb87334f3c999f7a950

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\MSInfo\Clsivl.bat
    Filesize

    315KB

    MD5

    4c81806e223c8b1ba210caf449c964ad

    SHA1

    4fc52505d433fe5f7926fd53d81da8fae7864add

    SHA256

    77bc94ec6b1203ccd3dd46b344d8b95de8436e1a0d768d4c3c08e294c9b38a8f

    SHA512

    e4b5ade0838a88c42043f860258bd2d24cd0bfdda45615246e12ccad95c683dfdc46ccd5b9cac1be268075cdeca6dd5369586a9b428307e031e464b57ea068db

    Download Submit

  • memory/1304-1-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1304-2-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1304-3-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1304-6-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1304-13-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1304-16-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1304-33-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2752-17-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2752-18-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-22-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download