Overview

overview

7

Static

static

7

C40207-1910.exe

windows7-x64

1

C40207-1910.exe

windows10-2004-x64

1

_.exe

windows7-x64

7

_.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    8s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    11-01-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    C40207-1910.exe

  • Size

    10KB

  • MD5

    0f8dd2ad1f13317a2c31f30b3a8d1949

  • SHA1

    bd8af3c41e6a6479f7499c7ae8f3e1f009ea1cf5

  • SHA256

    153ebefc675e7d4dc3981e23fc334e118fb2db33d76d6c6dce44fe33c5fb4ee5

  • SHA512

    46936c98a5578bf7cae3b0dd9351afdd843efe8fc119f2d411ecd16304bba80d50a280b92514910dc8c2c2cea9e81b56f6a1d8923944f8552912bfa49b232772

  • SSDEEP

    192:kDw4V0MK4IEUnz1ZbrfVJ2eDzyTX8QEVHPfdHP:0k45WfVJ2eD+MQEVvfx

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\C40207-1910.exe
    "C:\Users\Admin\AppData\Local\Temp\C40207-1910.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4068
    • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe
      "C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe"
      2⤵
        PID:2396
      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Schedule.exe
        "C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Schedule.exe"
        2⤵
          PID:4692

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe
        Filesize

        51KB

        MD5

        d76db3fbab1f936ec6f762ed72e3e8a6

        SHA1

        61cfe08df210944ce23f91eca08f870101229060

        SHA256

        a7be54f76f2202e86df164245630b96c179523d6c39b08727f772c3140bace86

        SHA512

        ffddbcaffd33f19297764a677a8845b9ab80d6013ee3f76421c06746e1fd97df639b735dba4953ad548eb9fb150a737565fa0110f82af4514aadffeed1948a36

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\AWCCInstallationManager.exe
        Filesize

        175KB

        MD5

        cc365baa27266059a2c8a7d5ee3821b6

        SHA1

        93acbb6871bef44db0ab121f78e7c9c871c3699d

        SHA256

        1cdb3c668ade98ee05604298759a1200cdeac547926194c8ac373933fe536a60

        SHA512

        c5cf5e8d33b4bde4887777e59d0c27fa5ae0842eb252f8e8f7b6e350f3872d8e59ef6cfbb83c2bd16e7a02f01f4e2939e476052c8212f74efe8c70d19e15e9f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Microsoft.Win32.TaskScheduler.dll
        Filesize

        180KB

        MD5

        2beaeea3db58cc5e019ab5d990fa24be

        SHA1

        363f81841eb1475345bb25120afc815a0f2f9d32

        SHA256

        a3ac4f0ae8f3c23abe67d38f625dd0c57783c263e5cd06a66eee18192fbf853a

        SHA512

        acf623776be390abe4cf34bd97a118f362643504427715777840f5cdc2d294787b292a373c53be914fe6541695cb18dcc95849e9c20932684ea8a7407a540d90

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Microsoft.Win32.TaskScheduler.dll
        Filesize

        229KB

        MD5

        e37722169b2d67e6b70b78df0f065894

        SHA1

        11b2ce2b03ce402c4af00833940cfd3fe1550b53

        SHA256

        95d88fbce2a051816dd7bfc1617fa91e0794be8b3634cea42c9929c118e1fbbc

        SHA512

        b598dee02db379c9184b912d3b1c48085a2302e13ecfb382be09cf3c9e8e2fe2a472b21abfb02105507b0de4cad22c519d66d5acfdb913c7a6c36812c6ca6779

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Microsoft.Win32.TaskScheduler.dll
        Filesize

        117KB

        MD5

        3f55f25f5b1521ad957eb600d7dd9aaa

        SHA1

        7f82c3e7cb63a0d5b0350a1115370ac792bdfe99

        SHA256

        012b5f20e490257929c55aff21e03ab28216f9d09eec59f75788bee8ef0e6c6a

        SHA512

        34ae4fb0c599bd8120c22945aa162bc8b90a5a41b552897aafcfb4d35883a930a38558e2ec6e817f8ae422511f6bebc759159200396a434a3a059056090ce122

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\Schedule.exe
        Filesize

        6KB

        MD5

        e018b0250f8e15e55564a4dcbe672939

        SHA1

        3d1799d8b74888872e3955666162903aa43ef832

        SHA256

        802c69f0948decc4cfa3bb46a9253fe393d24306a78add167b3a55441909b086

        SHA512

        dbaae998534c44845cc0830159e33eb328b1b89cd23b29343afc63e515ec90242532439f9bda4f79b2e22da81f5b6bacb9d6f12248ddafc80bb4ab27578ddd9c

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\WPS32.DLL
        Filesize

        51KB

        MD5

        09b1ba0f52711f3f85d9fa68aff216d8

        SHA1

        9d5ccd245831694a7a7487e5a7de0f28ee48d800

        SHA256

        70c07f0a9866ec5c04e5f9eac7727433bcb632185de11b8bff8c8716438a49fa

        SHA512

        d4591c3aa02b0cded03a794a6ada4dc37b1d03fcc205efaf99e46f55dbb1cfc968fbdecc5e4af6e0f27a00ec1b7b92e222518572b6ace9b048e9859312b336d5

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\WPS32.dll
        Filesize

        35KB

        MD5

        8d0ea0e30125196c03b897132e321cfd

        SHA1

        60555ccaf61715c28127cabe70b96f1bccc9704f

        SHA256

        1b690b1a87ae58bd5303a5aa9c55c609748945e6694dbbe4a6704411b51cad98

        SHA512

        28db82d9b2269f63f80f73e298864286ae7a6a42efab79dbd7dc5c0168a06e28492730baa3d81621548bbf5aa960f59a03117e5329a5faef06ff8081e34072a8

        Download Submit

      • C:\Users\Admin\AppData\Local\Bckpp\mdm5674a.inf_amd64_ae7a3e6433fcaad1\WPS32.dll
        Filesize

        20KB

        MD5

        cbaa8d967d4f3ab6eee0c8739d4325ee

        SHA1

        04acb015e077980ece8a167031c3ee9baf5c6ee1

        SHA256

        21679f38e8ca6992cc30e63677fa33447688693f6180810a9224db872a430d45

        SHA512

        182967856b9db681c36b769937cddee1322e0b404a508803dbec4412d3eacd4e2e2083ee3030930f1e75b37b97ed08b32acdc9c5209f81250acd370316cf0d15

        Download Submit

      • C:\Users\Admin\LDRsnw.dat
        Filesize

        117B

        MD5

        7a9e57588bd8399e701512cf4a2b0e89

        SHA1

        cb18ec03150eeb57d98bb7bc33fbcdd1b6a9cd92

        SHA256

        b34913a242346219cfdbc844320e8c4b9e685483aa9e6ec7bcd574aa25770542

        SHA512

        25ff3cb4fc6877f3e27d0b62c4d62a3e8f62039d1469024b78e833da02a795993dc6663da70a7e18f4b76fd1d0a0cca54a5060cf3dcf483050b3f3870ca6c80c

        Download Submit

      • memory/2396-118-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-126-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-142-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-140-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-138-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-136-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-134-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-132-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-130-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-128-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-124-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-122-0x0000000001270000-0x0000000001271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2396-121-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-119-0x0000000003640000-0x0000000003641000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2396-117-0x0000000000400000-0x0000000000F44000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2396-116-0x00000000071D0000-0x00000000071D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2396-110-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/2396-111-0x0000000003640000-0x0000000003641000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2396-113-0x0000000001270000-0x0000000001271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2396-114-0x0000000000400000-0x0000000000F44000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2396-115-0x0000000001590000-0x0000000001DFE000-memory.dmp

        Filesize

        8.4MB

        Download

      • memory/4068-8-0x0000000008030000-0x0000000008042000-memory.dmp

        Filesize

        72KB

        Download

      • memory/4068-3-0x00000000057C0000-0x0000000005852000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4068-0-0x0000000074DA0000-0x0000000075550000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4068-107-0x0000000074DA0000-0x0000000075550000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4068-4-0x00000000056E0000-0x00000000056F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4068-103-0x00000000085A0000-0x00000000086A2000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/4068-2-0x0000000005CD0000-0x0000000006274000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4068-101-0x0000000008450000-0x0000000008490000-memory.dmp

        Filesize

        256KB

        Download

      • memory/4068-1-0x0000000000D70000-0x0000000000D78000-memory.dmp

        Filesize

        32KB

        Download

      • memory/4068-5-0x0000000005790000-0x000000000579A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4068-6-0x0000000005CA0000-0x0000000005CAA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4692-95-0x0000000074DA0000-0x0000000075550000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4692-106-0x0000000074DA0000-0x0000000075550000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4692-102-0x0000000005800000-0x0000000005810000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4692-94-0x0000000005690000-0x00000000056E8000-memory.dmp

        Filesize

        352KB

        Download

      • memory/4692-90-0x0000000000E60000-0x0000000000E68000-memory.dmp

        Filesize

        32KB

        Download