bc25f4a5eecfb787a6ec1a10fedfdd917cd186447133e1570cc688d8ea7c5549

Analysis

max time kernel
4s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc25f4a5eecfb787a6ec1a10fedfdd917cd186447133e1570cc688d8ea7c5549exe.exe
Size

45.7MB
MD5

e426703064e73cb8ee10cafe81fae857
SHA1

d9c6a5493f32e63a600146898fb30515e71a8a9a
SHA256

bc25f4a5eecfb787a6ec1a10fedfdd917cd186447133e1570cc688d8ea7c5549
SHA512

59a02a71eff50accf8a349ad94270981edc8abb92114d102a77f6dc8807acb33fa0696a4ebb6aef5ffd9e7370d74887d56205584f11109654e906a90add24e25
SSDEEP

393216:LsJfcaIIfaL80vS1JnB3Zdp1uPGiSPWw1JEqcoUOXUA0:SfxIIfaLHvUVfp1uVS+w1dXUA0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4252	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\bc25f4a5eecfb787a6ec1a10fedfdd917cd186447133e1570cc688d8ea7c5549exe.exe
"C:\Users\Admin\AppData\Local\Temp\bc25f4a5eecfb787a6ec1a10fedfdd917cd186447133e1570cc688d8ea7c5549exe.exe"
1⤵
PID:3392
- C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe
  C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe
  2⤵
  PID:1548
- C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe
  C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe
  2⤵
  PID:532
- C:\Windows\SysWOW64\cmdkey.exe
  C:\Windows\SysWOW64\cmdkey.exe
  2⤵
  PID:4568
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell "" "SCHTASKS.exe /Create /SC MINUTE /ED 12/12/2030 /TN AutoServiceUpdate.exe /TR C:\Users\Admin\AppData\Roaming\AutoServiceUpdate.exe"
  2⤵
  PID:4924
- - C:\Windows\system32\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /ED 12/12/2030 /TN AutoServiceUpdate.exe /TR C:\Users\Admin\AppData\Roaming\AutoServiceUpdate.exe
    3⤵
    - Creates scheduled task(s)
    PID:4252

C:\Users\Admin\AppData\Roaming\AutoServiceUpdate.exe
C:\Users\Admin\AppData\Roaming\AutoServiceUpdate.exe
1⤵
PID:3120
- C:\Windows\winhlp32.exe
  C:\Windows\winhlp32.exe
  2⤵
  PID:4088

C:\Users\Admin\AppData\Roaming\AutoServiceUpdate.exe
C:\Users\Admin\AppData\Roaming\AutoServiceUpdate.exe
1⤵
PID:4752
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
  2⤵
  PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2276-58-0x0000000001170000-0x00000000012E5000-memory.dmp

Filesize
1.5MB

Download
memory/2276-59-0x0000000001170000-0x00000000012E5000-memory.dmp

Filesize
1.5MB

Download
memory/2276-61-0x0000000001170000-0x00000000012E5000-memory.dmp

Filesize
1.5MB

Download
memory/2276-60-0x0000000001170000-0x00000000012E5000-memory.dmp

Filesize
1.5MB

Download
memory/3120-46-0x00007FF7A5590000-0x00007FF7A83C8000-memory.dmp

Filesize
46.2MB

Download
memory/3120-51-0x00007FF7A5590000-0x00007FF7A83C8000-memory.dmp

Filesize
46.2MB

Download
memory/3392-38-0x00007FF713270000-0x00007FF7160A8000-memory.dmp

Filesize
46.2MB

Download
memory/3392-8-0x00007FF713270000-0x00007FF7160A8000-memory.dmp

Filesize
46.2MB

Download
memory/3392-11-0x00007FF713270000-0x00007FF7160A8000-memory.dmp

Filesize
46.2MB

Download
memory/3392-16-0x00007FF713270000-0x00007FF7160A8000-memory.dmp

Filesize
46.2MB

Download
memory/3392-3-0x00007FF713270000-0x00007FF7160A8000-memory.dmp

Filesize
46.2MB

Download
memory/4088-49-0x0000000000E00000-0x0000000000F75000-memory.dmp

Filesize
1.5MB

Download
memory/4088-50-0x0000000000E00000-0x0000000000F75000-memory.dmp

Filesize
1.5MB

Download
memory/4088-48-0x0000000000E00000-0x0000000000F75000-memory.dmp

Filesize
1.5MB

Download
memory/4568-19-0x0000000000E00000-0x0000000000F75000-memory.dmp

Filesize
1.5MB

Download
memory/4568-18-0x0000000000E00000-0x0000000000F75000-memory.dmp

Filesize
1.5MB

Download
memory/4568-17-0x0000000000E00000-0x0000000000F75000-memory.dmp

Filesize
1.5MB

Download
memory/4568-20-0x0000000000E00000-0x0000000000F75000-memory.dmp

Filesize
1.5MB

Download
memory/4752-57-0x00007FF7A5590000-0x00007FF7A83C8000-memory.dmp

Filesize
46.2MB

Download
memory/4752-62-0x00007FF7A5590000-0x00007FF7A83C8000-memory.dmp

Filesize
46.2MB

Download
memory/4924-28-0x000001F4C4810000-0x000001F4C4832000-memory.dmp

Filesize
136KB

Download
memory/4924-33-0x000001F4C2D20000-0x000001F4C2D30000-memory.dmp

Filesize
64KB

Download
memory/4924-34-0x000001F4C2D20000-0x000001F4C2D30000-memory.dmp

Filesize
64KB

Download
memory/4924-37-0x00007FF82BCC0000-0x00007FF82C781000-memory.dmp

Filesize
10.8MB

Download
memory/4924-32-0x00007FF82BCC0000-0x00007FF82C781000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads