toxiceye | e266f576625221648379d9a1d512d19bfce7379b7e2ae0192e3ea2e69de14b0d

Analysis

max time kernel
1s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59048850afb594c657d732a4e0b39471.exe
Size

55KB
MD5

59048850afb594c657d732a4e0b39471
SHA1

84710fbc564f6db75ca86d5646ac437b1f714f45
SHA256

e266f576625221648379d9a1d512d19bfce7379b7e2ae0192e3ea2e69de14b0d
SHA512

ac84f9b235d1f4a7c8089479067906c9267aba74ac14dbf8eb4779a2caf408c51041fa14210ab2955ca42f156f44439b91801363f50a5433a07d0c8fec4d1fad
SSDEEP

1536:3NQyUmnyAxXJkjjr2QULyLlIkECBkQ6NVAaXZMR:3NQRmnkr21GLlIkECBkQ6NVAaXY

Score

10^/10

toxiceye rat trojan

Malware Config

Signatures

ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

1004 schtasks.exe
864 schtasks.exe
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

2188 timeout.exe
Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

2832 tasklist.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

59048850afb594c657d732a4e0b39471.exe

description pid process

Token: SeDebugPrivilege 2460 59048850afb594c657d732a4e0b39471.exe

pid	process
1004	schtasks.exe
864	schtasks.exe

pid	process
2188	timeout.exe

pid	process
2832	tasklist.exe

description	pid	process
Token: SeDebugPrivilege	2460	59048850afb594c657d732a4e0b39471.exe

C:\Users\Admin\AppData\Local\Temp\59048850afb594c657d732a4e0b39471.exe
"C:\Users\Admin\AppData\Local\Temp\59048850afb594c657d732a4e0b39471.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2460
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\users\Chrome_Update.exe"
  2⤵
  - Creates scheduled task(s)
  PID:1004
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp59B9.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp59B9.tmp.bat
  2⤵
  PID:2068
- - C:\Windows\system32\tasklist.exe
    Tasklist /fi "PID eq 2460"
    3⤵
    - Enumerates processes with tasklist
    PID:2832
- - C:\Windows\system32\find.exe
    find ":"
    3⤵
    PID:2784
- - C:\Windows\system32\timeout.exe
    Timeout /T 1 /Nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2188
- - C:\Users\users\Chrome_Update.exe
    "Chrome_Update.exe"
    3⤵
    PID:1704
  - - C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\users\Chrome_Update.exe"
      4⤵
      Creates scheduled task(s)
      PID:864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp59B9.tmp.bat

Filesize
216B

MD5
0a89a3b7f8d7c2a26ba2b2e63e7fdbcc

SHA1
7552780459e7f5cd828bc325a0793e0c7cfecdb2

SHA256
cb68fb3d52fdeadd185677921d7305ed92948075ea5c76f4cd725136ed44bc22

SHA512
a04516d7a3dc900ac55c4ad8324b3ff403da446b8b63e075b32b2df8ad0c51060636659ffbc517eddde28d30f9e1f7be6b570fa1cc065d19a29e6af2b9cac091

Download Submit
C:\Users\users\Chrome_Update.exe

Filesize
55KB

MD5
59048850afb594c657d732a4e0b39471

SHA1
84710fbc564f6db75ca86d5646ac437b1f714f45

SHA256
e266f576625221648379d9a1d512d19bfce7379b7e2ae0192e3ea2e69de14b0d

SHA512
ac84f9b235d1f4a7c8089479067906c9267aba74ac14dbf8eb4779a2caf408c51041fa14210ab2955ca42f156f44439b91801363f50a5433a07d0c8fec4d1fad

Download Submit
memory/1704-13-0x00000261CB3C0000-0x00000261CB3D0000-memory.dmp

Filesize
64KB

Download
memory/1704-12-0x00007FFE86180000-0x00007FFE86C41000-memory.dmp

Filesize
10.8MB

Download
memory/2460-0-0x00000278C5C30000-0x00000278C5C44000-memory.dmp

Filesize
80KB

Download
memory/2460-1-0x00000278C6000000-0x00000278C6022000-memory.dmp

Filesize
136KB

Download
memory/2460-2-0x00007FFE86510000-0x00007FFE86FD1000-memory.dmp

Filesize
10.8MB

Download
memory/2460-3-0x00000278C60B0000-0x00000278C60C0000-memory.dmp

Filesize
64KB

Download
memory/2460-8-0x00007FFE86510000-0x00007FFE86FD1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads