73c921c53eef0a6e8804f337c4512cc0bf58fc6d429e551912c686b1d8e1ac2d

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a9e2d586a4087582726818e190d4c78.exe
Size

630KB
MD5

5a9e2d586a4087582726818e190d4c78
SHA1

8abd1a1442a4f7cd4758b7190ba652fc0eb10efd
SHA256

73c921c53eef0a6e8804f337c4512cc0bf58fc6d429e551912c686b1d8e1ac2d
SHA512

8c1a31a8bcb6b5ce709de491bea046388705c6b7e16b5ab5fe98b9870d77a7c680997913a41947b75a8f104ad9c165372a4d08ab74fb99b9bb2c6c31da9f55bc
SSDEEP

12288:A110mfqsMH+PUtUIgXmL3dQTF3Z4mxx7UcLGEt8eDFmT56I2q:A110sMePUrtQTQmXYciEBDFy5Sq

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1216	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
1812	system3.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system3.exe	5a9e2d586a4087582726818e190d4c78.exe
File opened for modification	C:\Windows\system3.exe	5a9e2d586a4087582726818e190d4c78.exe
File created	C:\Windows\uninstal.bat	5a9e2d586a4087582726818e190d4c78.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	860	5a9e2d586a4087582726818e190d4c78.exe
Token: SeDebugPrivilege	1812	system3.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1812	system3.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 2924	1812	system3.exe	29
PID 1812 wrote to memory of 2924	1812	system3.exe	29
PID 1812 wrote to memory of 2924	1812	system3.exe	29
PID 1812 wrote to memory of 2924	1812	system3.exe	29
PID 860 wrote to memory of 1216	860	5a9e2d586a4087582726818e190d4c78.exe	30
PID 860 wrote to memory of 1216	860	5a9e2d586a4087582726818e190d4c78.exe	30
PID 860 wrote to memory of 1216	860	5a9e2d586a4087582726818e190d4c78.exe	30
PID 860 wrote to memory of 1216	860	5a9e2d586a4087582726818e190d4c78.exe	30
PID 860 wrote to memory of 1216	860	5a9e2d586a4087582726818e190d4c78.exe	30
PID 860 wrote to memory of 1216	860	5a9e2d586a4087582726818e190d4c78.exe	30
PID 860 wrote to memory of 1216	860	5a9e2d586a4087582726818e190d4c78.exe	30

C:\Users\Admin\AppData\Local\Temp\5a9e2d586a4087582726818e190d4c78.exe
"C:\Users\Admin\AppData\Local\Temp\5a9e2d586a4087582726818e190d4c78.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.bat
  2⤵
  - Deletes itself
  PID:1216

C:\Windows\system3.exe
C:\Windows\system3.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system3.exe

Filesize
630KB

MD5
5a9e2d586a4087582726818e190d4c78

SHA1
8abd1a1442a4f7cd4758b7190ba652fc0eb10efd

SHA256
73c921c53eef0a6e8804f337c4512cc0bf58fc6d429e551912c686b1d8e1ac2d

SHA512
8c1a31a8bcb6b5ce709de491bea046388705c6b7e16b5ab5fe98b9870d77a7c680997913a41947b75a8f104ad9c165372a4d08ab74fb99b9bb2c6c31da9f55bc

Download Submit
C:\Windows\uninstal.bat

Filesize
190B

MD5
a51f4893b042695de9aeb049ed9efad8

SHA1
aa8bbde5762b42a1016fd35b20e67c263554ef0f

SHA256
a2da60d508ec367ae91db11dc343ba159912b6e8170de5b419891846693408b1

SHA512
68f63c16c0b68b4cad7444c77313e57ca68dae8bf0859d95d3b6a9ead9d6fedc7a02e3ea4dc9f34d862ffaa9379d005728b0324116e1456f00bdf76fe1935b36

Download Submit
memory/860-0-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/860-1-0x0000000000520000-0x0000000000574000-memory.dmp

Filesize
336KB

Download
memory/860-3-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/860-13-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/860-12-0x0000000003260000-0x0000000003263000-memory.dmp

Filesize
12KB

Download
memory/860-11-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/860-10-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/860-9-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/860-8-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/860-7-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/860-6-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/860-5-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/860-4-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/860-2-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/860-14-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/860-35-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/860-56-0x0000000003F50000-0x0000000003F51000-memory.dmp

Filesize
4KB

Download
memory/860-65-0x0000000004130000-0x0000000004131000-memory.dmp

Filesize
4KB

Download
memory/860-64-0x0000000004140000-0x0000000004141000-memory.dmp

Filesize
4KB

Download
memory/860-63-0x0000000004110000-0x0000000004111000-memory.dmp

Filesize
4KB

Download
memory/860-62-0x0000000004120000-0x0000000004121000-memory.dmp

Filesize
4KB

Download
memory/860-61-0x00000000040F0000-0x00000000040F1000-memory.dmp

Filesize
4KB

Download
memory/860-60-0x0000000004100000-0x0000000004101000-memory.dmp

Filesize
4KB

Download
memory/860-59-0x00000000040D0000-0x00000000040D1000-memory.dmp

Filesize
4KB

Download
memory/860-58-0x0000000003F70000-0x0000000003F71000-memory.dmp

Filesize
4KB

Download
memory/860-57-0x0000000003F80000-0x0000000003F81000-memory.dmp

Filesize
4KB

Download
memory/860-55-0x0000000003F60000-0x0000000003F61000-memory.dmp

Filesize
4KB

Download
memory/860-54-0x0000000003F30000-0x0000000003F31000-memory.dmp

Filesize
4KB

Download
memory/860-53-0x0000000003F40000-0x0000000003F41000-memory.dmp

Filesize
4KB

Download
memory/860-52-0x0000000003F10000-0x0000000003F11000-memory.dmp

Filesize
4KB

Download
memory/860-51-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/860-50-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/860-49-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/860-48-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/860-47-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/860-46-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/860-45-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/860-44-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/860-43-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/860-42-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/860-41-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/860-40-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/860-39-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/860-38-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/860-37-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/860-36-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/860-34-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/860-33-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/860-32-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/860-31-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/860-30-0x0000000003300000-0x0000000003301000-memory.dmp

Filesize
4KB

Download
memory/860-29-0x0000000003310000-0x0000000003311000-memory.dmp

Filesize
4KB

Download
memory/860-28-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/860-27-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/860-26-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/860-25-0x00000000032D0000-0x00000000032D1000-memory.dmp

Filesize
4KB

Download
memory/860-24-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/860-23-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/860-22-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/860-21-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/860-20-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/860-19-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/860-18-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/860-17-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/860-166-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download