Overview

overview

7

Static

static

3

4c81806e22...ad.exe

windows7-x64

7

4c81806e22...ad.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 01:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c81806e223c8b1ba210caf449c964ad.exe

  • Size

    315KB

  • MD5

    4c81806e223c8b1ba210caf449c964ad

  • SHA1

    4fc52505d433fe5f7926fd53d81da8fae7864add

  • SHA256

    77bc94ec6b1203ccd3dd46b344d8b95de8436e1a0d768d4c3c08e294c9b38a8f

  • SHA512

    e4b5ade0838a88c42043f860258bd2d24cd0bfdda45615246e12ccad95c683dfdc46ccd5b9cac1be268075cdeca6dd5369586a9b428307e031e464b57ea068db

  • SSDEEP

    6144:sPK1/SWKm+UuBuA5Xg/RzjK7Wgx1i4+pRwqImqQAz/6tzBLjAEVpH5CjKRRsVjCi:E3yI42XsVj01iB8YLpH4KRRs5C3S

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c81806e223c8b1ba210caf449c964ad.exe
    "C:\Users\Admin\AppData\Local\Temp\4c81806e223c8b1ba210caf449c964ad.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\Clsivl.bat
      "C:\Program Files\Common Files\Microsoft Shared\MSInfo\Clsivl.bat"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1632
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
          PID:1592
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
        2⤵
          PID:4564

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Common Files\microsoft shared\MSInfo\Clsivl.bat
        Filesize

        315KB

        MD5

        4c81806e223c8b1ba210caf449c964ad

        SHA1

        4fc52505d433fe5f7926fd53d81da8fae7864add

        SHA256

        77bc94ec6b1203ccd3dd46b344d8b95de8436e1a0d768d4c3c08e294c9b38a8f

        SHA512

        e4b5ade0838a88c42043f860258bd2d24cd0bfdda45615246e12ccad95c683dfdc46ccd5b9cac1be268075cdeca6dd5369586a9b428307e031e464b57ea068db

        Download Submit

      • C:\Windows\SysWOW64\Deleteme.bat
        Filesize

        184B

        MD5

        983560ee5ed1a0e2bc095ecf6434e015

        SHA1

        af6376a54181fb971653f456c878316b9c8c5227

        SHA256

        5e06e3917e301d2f68bb2ffa016810d32c0618985320cc7ae9d2d9ef32e8936b

        SHA512

        7d038fa9295d36e7047caa7f23088c129e91fca44752aafb1222acd34db70de9782750cd153fb586529fccee16f2456c4201936ecaa70bb87334f3c999f7a950

        Download Submit

      • memory/1632-12-0x0000000000400000-0x0000000000516000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/1632-14-0x0000000000800000-0x0000000000801000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1632-17-0x0000000000400000-0x0000000000516000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4904-0-0x0000000000400000-0x0000000000516000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4904-1-0x0000000000400000-0x0000000000516000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4904-2-0x0000000000400000-0x0000000000516000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4904-3-0x0000000000830000-0x0000000000831000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4904-6-0x0000000000400000-0x0000000000516000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4904-13-0x0000000000830000-0x0000000000831000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4904-18-0x0000000000400000-0x0000000000516000-memory.dmp

        Filesize

        1.1MB

        Download