cc18e7fbd8e51a693f5ad58ecf066e0b5a070714b0bba1999fb71f10faa99699

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 23:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

54d924192efc072a662385ae959afaf6.exe
Size

700KB
MD5

54d924192efc072a662385ae959afaf6
SHA1

b27a02224b812f3086646950da0dbb18de2f8b25
SHA256

cc18e7fbd8e51a693f5ad58ecf066e0b5a070714b0bba1999fb71f10faa99699
SHA512

9187021c613b3a142e1aceea2741143605cddebb03a61a85c5c29bc518ab442ba2d0734e8946a86da261cb7a3c18f2e16a3de594bcef2ff9a1e702c61b5eb122
SSDEEP

12288:rtTYvl04iCM8NP3jOxZ3oHY4lF3Z4mxxkOceHA2QVCkh:ryvl0tCM8NP3SxZ3oHVQmXuey42

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\beep.sys	54d924192efc072a662385ae959afaf6.exe

Deletes itself 1 IoCs

pid	Process
2600	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2980	54d924192efc072a662385ae959afaf6.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\NetNtEx.dll	54d924192efc072a662385ae959afaf6.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
480	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2980	54d924192efc072a662385ae959afaf6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2600	2980	54d924192efc072a662385ae959afaf6.exe	16
PID 2980 wrote to memory of 2600	2980	54d924192efc072a662385ae959afaf6.exe	16
PID 2980 wrote to memory of 2600	2980	54d924192efc072a662385ae959afaf6.exe	16
PID 2980 wrote to memory of 2600	2980	54d924192efc072a662385ae959afaf6.exe	16

C:\Users\Admin\AppData\Local\Temp\54d924192efc072a662385ae959afaf6.exe
"C:\Users\Admin\AppData\Local\Temp\54d924192efc072a662385ae959afaf6.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\54D924~1.EXE > nul
  2⤵
  - Deletes itself
  PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-1-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2980-28-0x0000000004920000-0x0000000004921000-memory.dmp

Filesize
4KB

Download
memory/2980-35-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2980-34-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2980-33-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/2980-32-0x0000000004930000-0x0000000004931000-memory.dmp

Filesize
4KB

Download
memory/2980-31-0x0000000003700000-0x0000000003701000-memory.dmp

Filesize
4KB

Download
memory/2980-30-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2980-29-0x0000000004910000-0x0000000004913000-memory.dmp

Filesize
12KB

Download
memory/2980-27-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2980-26-0x00000000037A0000-0x00000000037F4000-memory.dmp

Filesize
336KB

Download
memory/2980-24-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/2980-21-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/2980-20-0x0000000001D10000-0x0000000001D11000-memory.dmp

Filesize
4KB

Download
memory/2980-19-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/2980-18-0x0000000003240000-0x0000000003241000-memory.dmp

Filesize
4KB

Download
memory/2980-15-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/2980-13-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/2980-12-0x00000000031D0000-0x00000000031D2000-memory.dmp

Filesize
8KB

Download
memory/2980-11-0x00000000031E0000-0x00000000031E1000-memory.dmp

Filesize
4KB

Download
memory/2980-10-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2980-9-0x0000000001D50000-0x0000000001D51000-memory.dmp

Filesize
4KB

Download
memory/2980-8-0x0000000001D20000-0x0000000001D21000-memory.dmp

Filesize
4KB

Download
memory/2980-7-0x0000000001D30000-0x0000000001D31000-memory.dmp

Filesize
4KB

Download
memory/2980-6-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2980-5-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2980-4-0x0000000001D40000-0x0000000001D41000-memory.dmp

Filesize
4KB

Download
memory/2980-2-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/2980-0-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download