Overview

overview

7

Static

static

3

5650b45406...4e.exe

windows7-x64

7

5650b45406...4e.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...mr.exe

windows7-x64

1

$PLUGINSDI...mr.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 11:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/downloadmr.exe

  • Size

    122KB

  • MD5

    da254a8488b60244654e1cf4d6796cf8

  • SHA1

    23d06f4589786652a3a226b5012a5520a3d03452

  • SHA256

    6d3b82a7ad74a1e88ae4d0f9176082130f1558fb3ff42a8b45ca8b80445efc2d

  • SHA512

    d311f90ad65441f6c7ae55220c2c3f117aa7601d083e6847e1b58b96c3c332d68a25d445310818396dc88678fb9ec5356f35a04a392c3d23746a2231e14b0a2e

  • SSDEEP

    1536:QaVwX9UxiLc97S3K1o/cVeGKNJIWLg49cbjXzMomH5wvtNIzNqe:QaVk9Ook231GKHICRIpmHGMNqe

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\downloadmr.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\downloadmr.exe"
    1⤵
      PID:3568
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:5084
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4500

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
              Filesize

              16KB

              MD5

              3e948a23748ee8d04b6e6b28968ea623

              SHA1

              d91a4027d36f30dd5893dc7a7f3022ecc7730ef3

              SHA256

              f92a97853c4098225ae4e74a817920e1e7e691bdc1a572ad3761bf90637297f3

              SHA512

              f7cb19a5e507e08ad502487db5c5c1271cc55ed0c66edb7ed46436645fe28cf7ab5d0b67b113f7257f66d002efa128179aadee23a89216a60841fb02a3ab2d9b

              Download Submit

            • memory/3568-0-0x0000000074DF0000-0x00000000753A1000-memory.dmp

              Filesize

              5.7MB

              Download

            • memory/3568-1-0x0000000074DF0000-0x00000000753A1000-memory.dmp

              Filesize

              5.7MB

              Download

            • memory/3568-2-0x0000000001070000-0x0000000001080000-memory.dmp

              Filesize

              64KB

              Download

            • memory/3568-4-0x0000000074DF0000-0x00000000753A1000-memory.dmp

              Filesize

              5.7MB

              Download

            • memory/4500-44-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-48-0x000001D8E4650000-0x000001D8E4651000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-39-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-40-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-41-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-42-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-43-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-37-0x000001D8E4A00000-0x000001D8E4A01000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-46-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-45-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-47-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-38-0x000001D8E4A30000-0x000001D8E4A31000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-49-0x000001D8E4640000-0x000001D8E4641000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-51-0x000001D8E4650000-0x000001D8E4651000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-54-0x000001D8E4640000-0x000001D8E4641000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-57-0x000001D8E4580000-0x000001D8E4581000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-21-0x000001D8DC440000-0x000001D8DC450000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4500-69-0x000001D8E4780000-0x000001D8E4781000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-71-0x000001D8E4790000-0x000001D8E4791000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-72-0x000001D8E4790000-0x000001D8E4791000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4500-73-0x000001D8E48A0000-0x000001D8E48A1000-memory.dmp

              Filesize

              4KB

              Download