b04e66fb3a8c3554b258e1c1fcb50b744d489d27a486f37c02f03108b9e97116

Analysis

max time kernel
39s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 01:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TT Aug 17.exe
Size

603KB
MD5

48c5715cdc50576956a8422032ca6244
SHA1

77e60bdabc9db89b108aee2b64c084fda4062a93
SHA256

e9d9214d70044ecda6351445430feb592c25e13c617a4bbabec59b43a3d3745c
SHA512

429814da7537b0fa6abb649a6e0918ca3f5127aa844620ad58d2eee5135f984f93b5be16b4adb1570c460de2e1e602db51f94db37a649297bafc7db5e8d02f45
SSDEEP

12288:1vJKB6Y/o/SNCkxTe8IUuDTLJL594KotSjkHM8L+QETwXQ6v3+Y3VLO7mPUxW3XV:1IA5/SnTCU2N59DdkHKiX

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4168 set thread context of 552	4168	TT Aug 17.exe	100

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4168	TT Aug 17.exe
4168	TT Aug 17.exe
4168	TT Aug 17.exe
552	TT Aug 17.exe
552	TT Aug 17.exe
552	TT Aug 17.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4168	TT Aug 17.exe
Token: SeDebugPrivilege	552	TT Aug 17.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100
PID 4168 wrote to memory of 552	4168	TT Aug 17.exe	100

C:\Users\Admin\AppData\Local\Temp\TT Aug 17.exe
"C:\Users\Admin\AppData\Local\Temp\TT Aug 17.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Users\Admin\AppData\Local\Temp\TT Aug 17.exe
  "{path}"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/552-18-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/552-27-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/552-26-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/552-25-0x0000000006510000-0x0000000006560000-memory.dmp

Filesize
320KB

Download
memory/552-23-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/552-22-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/552-19-0x0000000005330000-0x0000000005348000-memory.dmp

Filesize
96KB

Download
memory/552-20-0x00000000056A0000-0x0000000005706000-memory.dmp

Filesize
408KB

Download
memory/552-13-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/552-16-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/4168-6-0x0000000005080000-0x000000000508A000-memory.dmp

Filesize
40KB

Download
memory/4168-8-0x0000000006500000-0x000000000659C000-memory.dmp

Filesize
624KB

Download
memory/4168-12-0x0000000006DB0000-0x0000000006DEE000-memory.dmp

Filesize
248KB

Download
memory/4168-17-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/4168-10-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

Filesize
64KB

Download
memory/4168-9-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/4168-7-0x0000000005CE0000-0x0000000005CE8000-memory.dmp

Filesize
32KB

Download
memory/4168-11-0x0000000004C10000-0x0000000004C92000-memory.dmp

Filesize
520KB

Download
memory/4168-1-0x0000000075040000-0x00000000757F0000-memory.dmp

Filesize
7.7MB

Download
memory/4168-5-0x0000000004EF0000-0x0000000004F82000-memory.dmp

Filesize
584KB

Download
memory/4168-4-0x00000000054A0000-0x0000000005A44000-memory.dmp

Filesize
5.6MB

Download
memory/4168-3-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

Filesize
64KB

Download
memory/4168-2-0x0000000004A70000-0x0000000004AD4000-memory.dmp

Filesize
400KB

Download
memory/4168-0-0x00000000000B0000-0x000000000014E000-memory.dmp

Filesize
632KB

Download