ab8961ddc395b47b0e73d07a87a65eb10f17f51cd2865b67ead9857a98b7c9ea

Analysis

max time kernel
142s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58ebfa808f9340825d0299616eb7a882.exe
Size

649KB
MD5

58ebfa808f9340825d0299616eb7a882
SHA1

f28b1129231b238bcf64e2636f07691cbafce715
SHA256

ab8961ddc395b47b0e73d07a87a65eb10f17f51cd2865b67ead9857a98b7c9ea
SHA512

70c5f979918a0b543a61e379fc5bd7a606ef1adadd255b606a30bea826008ca9d771f460b64b2b3961051caf9665868588922f3d2a3327c9667e0609d5a1e1ea
SSDEEP

12288:2kMUFBlnajyYT5EOGnp9y56DfirVq8MavyTTzDF3Z4mxxwxtRnoI97dbGkE:FMyVYNEJQwuVPSTzDQmXmtGI97d6kE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
960	Hacker.com.cn.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	58ebfa808f9340825d0299616eb7a882.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	58ebfa808f9340825d0299616eb7a882.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3028	58ebfa808f9340825d0299616eb7a882.exe
Token: SeDebugPrivilege	960	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
960	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 2976	960	Hacker.com.cn.exe	29
PID 960 wrote to memory of 2976	960	Hacker.com.cn.exe	29
PID 960 wrote to memory of 2976	960	Hacker.com.cn.exe	29
PID 960 wrote to memory of 2976	960	Hacker.com.cn.exe	29

C:\Users\Admin\AppData\Local\Temp\58ebfa808f9340825d0299616eb7a882.exe
"C:\Users\Admin\AppData\Local\Temp\58ebfa808f9340825d0299616eb7a882.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3028

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:960
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
649KB

MD5
58ebfa808f9340825d0299616eb7a882

SHA1
f28b1129231b238bcf64e2636f07691cbafce715

SHA256
ab8961ddc395b47b0e73d07a87a65eb10f17f51cd2865b67ead9857a98b7c9ea

SHA512
70c5f979918a0b543a61e379fc5bd7a606ef1adadd255b606a30bea826008ca9d771f460b64b2b3961051caf9665868588922f3d2a3327c9667e0609d5a1e1ea

Download Submit
C:\Windows\Hacker.com.cn.exe

Filesize
501KB

MD5
2fc23b755f5d58d0fdf7dbb873c36d6d

SHA1
951ea314b17fdf2d8857b9b43bd2ac5175c45b91

SHA256
2a6c17eabc5639a813206e3e2c582b348ce9fa321571610dbc9e66266d54ea8c

SHA512
e91dfc61eba7c304a35fae02041a6607d03e53b671b4e48c1ae64e13c5e49358f198532558693d7164c739cc2283b0d1b66ab753f9fa67930f2669630e2deb7e

Download Submit
memory/960-151-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/960-162-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/3028-0-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/3028-1-0x0000000000370000-0x00000000003C4000-memory.dmp

Filesize
336KB

Download
memory/3028-13-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/3028-58-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/3028-65-0x0000000004500000-0x0000000004501000-memory.dmp

Filesize
4KB

Download
memory/3028-64-0x00000000044D0000-0x00000000044D1000-memory.dmp

Filesize
4KB

Download
memory/3028-63-0x00000000044E0000-0x00000000044E1000-memory.dmp

Filesize
4KB

Download
memory/3028-62-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/3028-61-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/3028-57-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/3028-56-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/3028-55-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/3028-54-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/3028-53-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/3028-52-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/3028-51-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/3028-50-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/3028-49-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/3028-48-0x0000000003590000-0x0000000003591000-memory.dmp

Filesize
4KB

Download
memory/3028-47-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/3028-46-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/3028-45-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/3028-44-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/3028-43-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/3028-42-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/3028-41-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/3028-40-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3028-39-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/3028-38-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/3028-37-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3028-36-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/3028-35-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/3028-34-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/3028-33-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/3028-32-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/3028-31-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/3028-30-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/3028-29-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/3028-28-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/3028-27-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/3028-26-0x0000000003300000-0x0000000003301000-memory.dmp

Filesize
4KB

Download
memory/3028-25-0x0000000003310000-0x0000000003311000-memory.dmp

Filesize
4KB

Download
memory/3028-24-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/3028-23-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/3028-22-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/3028-21-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/3028-20-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/3028-19-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/3028-18-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3028-17-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3028-16-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/3028-15-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/3028-14-0x00000000032D0000-0x00000000032D1000-memory.dmp

Filesize
4KB

Download
memory/3028-12-0x0000000003280000-0x0000000003283000-memory.dmp

Filesize
12KB

Download
memory/3028-11-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/3028-10-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/3028-9-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/3028-8-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/3028-7-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/3028-6-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/3028-5-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/3028-4-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/3028-3-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/3028-2-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/3028-95-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download