3f6f3a1c66f6d1396333212b13de7ecf7c8ba19ce86de0d04defd8ad3691cfb5

Analysis

max time kernel
30s
max time network
153s
platform
windows7_x64
resource
win7-20231215-es
resource tags

arch:x64arch:x86image:win7-20231215-eslocale:es-esos:windows7-x64systemwindows
submitted
11-01-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

C40207-1910.exe
Size

10KB
MD5

0f8dd2ad1f13317a2c31f30b3a8d1949
SHA1

bd8af3c41e6a6479f7499c7ae8f3e1f009ea1cf5
SHA256

153ebefc675e7d4dc3981e23fc334e118fb2db33d76d6c6dce44fe33c5fb4ee5
SHA512

46936c98a5578bf7cae3b0dd9351afdd843efe8fc119f2d411ecd16304bba80d50a280b92514910dc8c2c2cea9e81b56f6a1d8923944f8552912bfa49b232772
SSDEEP

192:kDw4V0MK4IEUnz1ZbrfVJ2eDzyTX8QEVHPfdHP:0k45WfVJ2eD+MQEVvfx

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

C40207-1910.exe

description	pid	Process
Token: SeDebugPrivilege	2272	C40207-1910.exe

C:\Users\Admin\AppData\Local\Temp\C40207-1910.exe
"C:\Users\Admin\AppData\Local\Temp\C40207-1910.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2272
- C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Schedule.exe
  "C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Schedule.exe"
  2⤵
  PID:1268
- C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe
  "C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe"
  2⤵
  PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe

Filesize
39KB

MD5
1f2a102aa0176e2eb7ca0a6d2588a3c1

SHA1
6b7564cc75691146eea332eec8ac7f92ac9e01bd

SHA256
88eb65da80420909ac5a1d79b71002af22de07f20607c6bc73a421e94711db5b

SHA512
e0a3a7fbacc04bbec71660d2fe031d2929567d10bc64ffa0254c163e0d35b075c6853236ed08fe3061c8bc72a8d5267c1f8ba533c384b4b9af02b5342ff90e88

Download Submit
C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe

Filesize
178KB

MD5
ad03635b443257934efa8cabd9d22f45

SHA1
27b9aeee78673388b6b692c4f31387f2d68ae05f

SHA256
de12169a8e7aa2957624556cfb2ad0d47acb54681dcbf45691c241be7530084d

SHA512
4062e03740d46378a5c69e4ee7e2396557aaa9d82333c24c384b5087956a9671aadf68cc0050ebdee2dfa2bd71a745f7bca66280bf9db16fec968e145d7e8ca4

Download Submit
C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Microsoft.Win32.TaskScheduler.dll

Filesize
38KB

MD5
00e17c37608fb8cd406907e0ebcfc5a3

SHA1
cb99b20f858d6fde0713ff8d651aa5aa26917608

SHA256
09f95753c66cc5f2df526698426e3d078944004d6b05cb86b134d2b5c0e67d99

SHA512
e6648b1f9cb0fe332a67d1e085e85c46ccca24c63f9a49646159fd3375ffdc580ef0957590b8321b26885bf48269b7c18980aa4c6df92d1b54071905d984310d

Download Submit
C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Schedule.exe

Filesize
6KB

MD5
e018b0250f8e15e55564a4dcbe672939

SHA1
3d1799d8b74888872e3955666162903aa43ef832

SHA256
802c69f0948decc4cfa3bb46a9253fe393d24306a78add167b3a55441909b086

SHA512
dbaae998534c44845cc0830159e33eb328b1b89cd23b29343afc63e515ec90242532439f9bda4f79b2e22da81f5b6bacb9d6f12248ddafc80bb4ab27578ddd9c

Download Submit
C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\WPS32.DLL

Filesize
34KB

MD5
9802abd4a1528d21de62dbc6285f3c02

SHA1
270448feca494d96e96ce346b2574e3bfff84cab

SHA256
5812f1a64cddc473556bf13fb9f6aca8262653f6da37e8b09507a91409fc7e7e

SHA512
b2d972023f5d87907dafffe4f98961f7edade4538c4b67cee196d57a0127d6103424f43642ee2cdbabe6bbbcb31ba649eb30ca2b4c805028fd8b9976a6590e3f

Download Submit
C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\de.ini

Filesize
17KB

MD5
abd1c92668ce04aedfe0c957006571e0

SHA1
de06877fc5d0dc1ca2effa4b0ce4a7dcfb0b51cd

SHA256
d74aaa3fb95227fca5c6d58e46017cdce763b0e6ae5f9fd628fdcae91ad1901e

SHA512
72cdc519a49938855ee36cd75fa88c4fbf274b52269741f89efd0d3729281edd0b40a7a50a3fececb3a6e31aa07ff326d1f22effe1ad94c955eaca9992b6d701

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBE81.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBED2.tmp

Filesize
42KB

MD5
5bc6c2e04c1d5cb12b10732694acd08a

SHA1
dc2678311bf68e4c1a2fd0d5d82e979aea69e943

SHA256
2781159733f5c0de9733315af8a490f1260a707e45ed242119e96f6cb15017e8

SHA512
5e4bfe24050baf84916f3f04f12c1dc357fc7e3cb02195e78ed2b0e090098f1366254c1954e7000f7727fc23500759b52066c7c0868fbcde98fa74c15be313e0

Download Submit
C:\Users\Admin\LDRsnw.dat

Filesize
117B

MD5
7a9e57588bd8399e701512cf4a2b0e89

SHA1
cb18ec03150eeb57d98bb7bc33fbcdd1b6a9cd92

SHA256
b34913a242346219cfdbc844320e8c4b9e685483aa9e6ec7bcd574aa25770542

SHA512
25ff3cb4fc6877f3e27d0b62c4d62a3e8f62039d1469024b78e833da02a795993dc6663da70a7e18f4b76fd1d0a0cca54a5060cf3dcf483050b3f3870ca6c80c

Download Submit
\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe

Filesize
126KB

MD5
309359485157bc94240b17c23904b1b5

SHA1
4fdbdeac15fecec9486cebe66ce7d43706d96035

SHA256
c59122998a769413761050a2abf9e9dfc9dc09270f70bb6c7a3d7d7339e3eb3a

SHA512
476a59ba5bfc3863cecf9cd490c91c9e46a3822730c743c28ad471f31b32a509bb977e2cc3b8d9c2f84149dbb667a7aedb0c51355715452c0cee5303aa53c68f

Download Submit
\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Microsoft.Win32.TaskScheduler.dll

Filesize
29KB

MD5
a473bf734b1a2add3cf3ba2b2a3f1cf4

SHA1
5c85dc6879264ee828a59fa1cf2ad889024f31c7

SHA256
71ab53d43139f40149ef3a928d2f99fb71ebfa5aa7b8027438e616047c23949f

SHA512
7b0a5b08baabdf7d4bd6cfca77461a71e85849037f82e3a12bfeb8b2ad96d79c2b64cce6b7b61b1b1bd6c469b5b89a0d17c89d7c1af14b58bd9804333133718a

Download Submit
\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Microsoft.Win32.TaskScheduler.dll

Filesize
100KB

MD5
9549c181451b831095909639437b00de

SHA1
172c8e77f03e458dd74bb243400b88fb12ea82f2

SHA256
ab381871bba278b9f217dd73fcb9b4f54b33655a20e8ab1f802ed8736ec21173

SHA512
1fc0bd1f4da7a3824bc8ab4a93b34f342d75a0056e79a07a152343f87e4e542e4107e39cc5cd2bcda2f2060dc1156633505ccd867312b78a62e07ea4824e5404

Download Submit
\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\WPS32.dll

Filesize
129KB

MD5
37c701dc0c5bd0fbbe13bd10e636236c

SHA1
40b182936fa75e2a52509d7dee1cf212eb2aa74e

SHA256
c6e60b560aa8e85dcbee35511a174025c3e4ae8c297fc13bd3f7454a3d960816

SHA512
eced71740cb848cb60e770b22ff67dce35e53b71a20ad667bde405b6e06d9730c1dd8ceb9433c6884ca255be3df1f58cd8ec4e9a51c57ef9a9a9d6001888f0f2

Download Submit
memory/1268-134-0x0000000074AE0000-0x00000000751CE000-memory.dmp

Filesize
6.9MB

Download
memory/1268-121-0x00000000004F0000-0x0000000000548000-memory.dmp

Filesize
352KB

Download
memory/1268-122-0x0000000074AE0000-0x00000000751CE000-memory.dmp

Filesize
6.9MB

Download
memory/1268-130-0x0000000000B10000-0x0000000000B50000-memory.dmp

Filesize
256KB

Download
memory/1268-117-0x0000000000C50000-0x0000000000C58000-memory.dmp

Filesize
32KB

Download
memory/1268-135-0x0000000074AE0000-0x00000000751CE000-memory.dmp

Filesize
6.9MB

Download
memory/2272-2-0x00000000003E0000-0x0000000000420000-memory.dmp

Filesize
256KB

Download
memory/2272-110-0x00000000003E0000-0x0000000000420000-memory.dmp

Filesize
256KB

Download
memory/2272-131-0x0000000074AE0000-0x00000000751CE000-memory.dmp

Filesize
6.9MB

Download
memory/2272-129-0x00000000003E0000-0x0000000000420000-memory.dmp

Filesize
256KB

Download
memory/2272-0-0x0000000001250000-0x0000000001258000-memory.dmp

Filesize
32KB

Download
memory/2272-108-0x0000000074AE0000-0x00000000751CE000-memory.dmp

Filesize
6.9MB

Download
memory/2272-1-0x0000000074AE0000-0x00000000751CE000-memory.dmp

Filesize
6.9MB

Download
memory/3000-132-0x0000000000400000-0x0000000000F44000-memory.dmp

Filesize
11.3MB

Download
memory/3000-148-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3000-137-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-141-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3000-142-0x00000000064B0000-0x00000000064B1000-memory.dmp

Filesize
4KB

Download
memory/3000-143-0x0000000000400000-0x0000000000F44000-memory.dmp

Filesize
11.3MB

Download
memory/3000-144-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-147-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/3000-146-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-139-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/3000-150-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-152-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-154-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-156-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-158-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-160-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-162-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download
memory/3000-164-0x0000000001490000-0x0000000001CFE000-memory.dmp

Filesize
8.4MB

Download