96040b9ce66777ae794307e10aab36b48e39b8392c13a1b6a5434640a959cb73

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

595fba9869aabb57ce1eda59c6504a3a.exe
Size

729KB
MD5

595fba9869aabb57ce1eda59c6504a3a
SHA1

53d82b4df3c4537c71099e00a367b940a05d792e
SHA256

96040b9ce66777ae794307e10aab36b48e39b8392c13a1b6a5434640a959cb73
SHA512

820920b5fa5eae0d0d6fda557611e80c85be4245bad0939c6dc8f3f8adc51f19ae0415bdad0418017b9450ebb7bc53d1161bc65705bdf271c555ef39a2dd139d
SSDEEP

12288:CfbAKlys908EZrdVOaUy2Uq5k0y98mqeJF3Z4mxxnDqVTVOCTjf:CfbA7sodVOEbnqYQmX2VTz3

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2728	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2576	login.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2576 set thread context of 2540	2576	login.exe	29

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\login.exe	595fba9869aabb57ce1eda59c6504a3a.exe
File opened for modification	C:\Program Files (x86)\login.exe	595fba9869aabb57ce1eda59c6504a3a.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\UNINSTAL.BAT	595fba9869aabb57ce1eda59c6504a3a.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2936	595fba9869aabb57ce1eda59c6504a3a.exe
Token: SeDebugPrivilege	2576	login.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2540	2576	login.exe	29
PID 2576 wrote to memory of 2540	2576	login.exe	29
PID 2576 wrote to memory of 2540	2576	login.exe	29
PID 2576 wrote to memory of 2540	2576	login.exe	29
PID 2576 wrote to memory of 2540	2576	login.exe	29
PID 2576 wrote to memory of 2540	2576	login.exe	29
PID 2936 wrote to memory of 2728	2936	595fba9869aabb57ce1eda59c6504a3a.exe	31
PID 2936 wrote to memory of 2728	2936	595fba9869aabb57ce1eda59c6504a3a.exe	31
PID 2936 wrote to memory of 2728	2936	595fba9869aabb57ce1eda59c6504a3a.exe	31
PID 2936 wrote to memory of 2728	2936	595fba9869aabb57ce1eda59c6504a3a.exe	31
PID 2936 wrote to memory of 2728	2936	595fba9869aabb57ce1eda59c6504a3a.exe	31
PID 2936 wrote to memory of 2728	2936	595fba9869aabb57ce1eda59c6504a3a.exe	31
PID 2936 wrote to memory of 2728	2936	595fba9869aabb57ce1eda59c6504a3a.exe	31

C:\Users\Admin\AppData\Local\Temp\595fba9869aabb57ce1eda59c6504a3a.exe
"C:\Users\Admin\AppData\Local\Temp\595fba9869aabb57ce1eda59c6504a3a.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\UNINSTAL.BAT
  2⤵
  - Deletes itself
  PID:2728

C:\Program Files (x86)\login.exe
"C:\Program Files (x86)\login.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2576
- C:\WINDOWS\SysWOW64\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  2⤵
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\login.exe

Filesize
48KB

MD5
627c16d41b019d8f1f31ff9db3d3b0ed

SHA1
90257dcaafa0cedf3e6d377d36261f57166cd3b2

SHA256
03b1746293f42405cf820518a3fcf74512ae6994a3d81ee5981616e9233c997b

SHA512
bf7754d36171afd97f0a6dc7ee60b664b994de3e6fd318673db3fd30a1d14f800a5c923642c14e40832e54a7456e3b612226be6ce090673e8e0286bdeea1fb1e

Download Submit
C:\Program Files (x86)\login.exe

Filesize
26KB

MD5
8e20aa1fa77393bca112e0e5b8a75fce

SHA1
741115340604ccca5de35fe3491890ae582e74d4

SHA256
0ce71b12742146050746f3fe0cc3859f47efdf07fb3cf514e9c9e401edf6b5c6

SHA512
ffeadc1f56c06e2a294504bb7e0db9284ff2122dff3934b7685a74c43460dac51f08f47febc6ebaa6c0d7d94133f5a7e50c563f283c17e443917f1d25b569dc8

Download Submit
C:\Windows\UNINSTAL.BAT

Filesize
186B

MD5
587384462d0b78d4fcc371ec53019c26

SHA1
e02c46208e6b5e43c6d58457c84354225310a318

SHA256
3aaeb74f67b2e5bf78392cd043ce9d2ed82ecb304e49827dfc72ee2822bbb482

SHA512
4c6c9704fe95c41c7dc7f3326fbc133d22666dbf7c2467d59b22c9b508a94c0ebac7a25ff70649e7c9d9ef0c3a0e1c81b214e6fb15bb2b0ad7c51d0374a0c906

Download Submit
memory/2540-88-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2540-93-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/2540-97-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/2540-99-0x00000000007E0000-0x00000000007E0000-memory.dmp

Download
memory/2576-147-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/2936-51-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-50-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-8-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download
memory/2936-17-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-23-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-46-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-29-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-27-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-26-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-25-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-32-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-38-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-44-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-45-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-54-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-56-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-57-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-55-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-59-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-64-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-65-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-63-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-62-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-61-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-60-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-43-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-53-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-52-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-14-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-49-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-48-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-47-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-28-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-11-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-58-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-42-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-41-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-40-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-9-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/2936-39-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-37-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-36-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-35-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-34-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-33-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-31-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-30-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-24-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-22-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-21-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-20-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-19-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-18-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2936-16-0x0000000003380000-0x00000000033C0000-memory.dmp

Filesize
256KB

Download
memory/2936-15-0x0000000003380000-0x00000000033C0000-memory.dmp

Filesize
256KB

Download
memory/2936-7-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2936-6-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2936-5-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2936-4-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2936-3-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2936-2-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2936-1-0x0000000000380000-0x00000000003D4000-memory.dmp

Filesize
336KB

Download
memory/2936-144-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/2936-10-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2936-0-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download