412792f9cfb8d675ed37d78c6f088c15518ddc0a81895ca672a518c5cd31b5b0

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53bc4d0f4ebd4e0e32d145bd884755f3.exe
Size

359KB
MD5

53bc4d0f4ebd4e0e32d145bd884755f3
SHA1

f5b6944402afe901fc9347b6e61d0ab87ac84903
SHA256

412792f9cfb8d675ed37d78c6f088c15518ddc0a81895ca672a518c5cd31b5b0
SHA512

76d9c9f578d7e3646c6f5238b61611230f4c88f4d6a360ba1aa3ac0917f3aacf50e553b124c4a8f6420b04a1b9d878a22b735bd07709f671b840e84f8e78bab8
SSDEEP

6144:SqmkXfILgM2u+nmzK6QgSuHL5vj6pNyAxrcxnE1CQcYI8+yXObxKqG9sK5RY:Sqm4fIEGpzK6FSkFvzAeF0CxYgdbh+RY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1940	cmd.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rsaauto.bak	53bc4d0f4ebd4e0e32d145bd884755f3.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\systom32\	53bc4d0f4ebd4e0e32d145bd884755f3.exe
File created	C:\Windows\systom32\schrars.exe	53bc4d0f4ebd4e0e32d145bd884755f3.exe
File opened for modification	C:\Windows\systom32\schrars.exe	53bc4d0f4ebd4e0e32d145bd884755f3.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
468	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeRestorePrivilege	2312	53bc4d0f4ebd4e0e32d145bd884755f3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1940	2312	53bc4d0f4ebd4e0e32d145bd884755f3.exe	28
PID 2312 wrote to memory of 1940	2312	53bc4d0f4ebd4e0e32d145bd884755f3.exe	28
PID 2312 wrote to memory of 1940	2312	53bc4d0f4ebd4e0e32d145bd884755f3.exe	28
PID 2312 wrote to memory of 1940	2312	53bc4d0f4ebd4e0e32d145bd884755f3.exe	28

C:\Users\Admin\AppData\Local\Temp\53bc4d0f4ebd4e0e32d145bd884755f3.exe
"C:\Users\Admin\AppData\Local\Temp\53bc4d0f4ebd4e0e32d145bd884755f3.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\cmd.exe
  cmd /c afc9fe2f418b00a0.bat
  2⤵
  - Deletes itself
  PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\afc9fe2f418b00a0.bat

Filesize
2KB

MD5
29f7666d85e6af44f55297359ffc0c0c

SHA1
5d3a809da42518aa62cd8c3d32dddce8487eb591

SHA256
4e9bb0075e15c840d9eb3feed302e174c5f09646d9ba6723a09882219396eb11

SHA512
826b6831e394eba83b330739f747153f6a3d6839801c1789a7ba8c69802436dc06fa971f6f013f41c21f78b5979e78fc5094c8e6abda605e49d2979eee237f6f

Download Submit
memory/2312-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2312-25-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/2312-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2312-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2312-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2312-9-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2312-8-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2312-10-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2312-11-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2312-12-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2312-16-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

Filesize
4KB

Download
memory/2312-0-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2312-3-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2312-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2312-20-0x0000000001F20000-0x0000000001F21000-memory.dmp

Filesize
4KB

Download
memory/2312-18-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/2312-19-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2312-21-0x0000000001F10000-0x0000000001F11000-memory.dmp

Filesize
4KB

Download
memory/2312-17-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/2312-23-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2312-22-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/2312-24-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/2312-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2312-1-0x0000000000340000-0x000000000039A000-memory.dmp

Filesize
360KB

Download
memory/2312-36-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2312-37-0x0000000000340000-0x000000000039A000-memory.dmp

Filesize
360KB

Download