df3b33e6cec4fa8a86bfd8bbab94743322f84a24bd1b0e626c352cb97bc717d2

Analysis

max time kernel
159s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe
Size

2.7MB
MD5

58b8bb8708a1f5ae86f2f4b95a4b0b5d
SHA1

cbefe83b9e62e9efda12989c4e3796d8bcdcf5c5
SHA256

df3b33e6cec4fa8a86bfd8bbab94743322f84a24bd1b0e626c352cb97bc717d2
SHA512

4728c16e09cb8f03aa76e8a0489d29b299eb9430240cd43671d40ba5e8e7e185a08593c7de9988648370582a5af52d9b24b8337aa0213e7a8fb7f8e60b846003
SSDEEP

49152:0rxJB9slWY5T97x4rvXtO+jw4ztk9/FdLQz+V759YTZgl0wVHVN8A:0VOlWY9Sjd1ztgFd0SV759YFg6A

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4424	svchost.exe
1928	58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe
5032	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	svchost.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	svchost.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	svchost.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 4424	4492	58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe	88
PID 4492 wrote to memory of 4424	4492	58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe	88
PID 4492 wrote to memory of 4424	4492	58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe	88
PID 4424 wrote to memory of 1928	4424	svchost.exe	89
PID 4424 wrote to memory of 1928	4424	svchost.exe	89
PID 4424 wrote to memory of 1928	4424	svchost.exe	89

C:\Users\Admin\AppData\Local\Temp\58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe
"C:\Users\Admin\AppData\Local\Temp\58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Windows\svchost.exe
  "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Users\Admin\AppData\Local\Temp\58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe
    "C:\Users\Admin\AppData\Local\Temp\58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe"
    3⤵
    - Executes dropped EXE
    PID:1928

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58b8bb8708a1f5ae86f2f4b95a4b0b5d.exe

Filesize
2.7MB

MD5
cde57c7204fd4d791d026cd00b5b4f3c

SHA1
be0e417a12914a48cca803d95d00775af03229a9

SHA256
0602d4990e62fae8afcdac444f66eabdd3224b0be86f25a0798ac42992be7602

SHA512
781170e7396afff18d86277791cb9cead5458cda6f115e2b46e400450fe3ff2d4cc8eeb329b35918db06f46b0d93a133537a486253369f9cc702c53b5250331a

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
345861f739ef259c33abc7ef49b81694

SHA1
3b6aff327d91e66a207c0557eac6ddefab104598

SHA256
fc3220611aded768e37b125c4e4d5a8ffdbf7dfa8d8c19c07c7791b486457948

SHA512
7b0aae948a594f29125a3e80f6c2b51421cda07f5ee4554538037f12b87d4b3937ee74fb400505efcd2a953c897a49d79d875148516dcef619c514251854dfad

Download Submit
memory/4424-10-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4492-3-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/5032-14-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/5032-16-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/5032-18-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads