Overview

overview

7

Static

static

3

6384bf4d8e...3d.exe

windows7-x64

7

6384bf4d8e...3d.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/01/2024, 20:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6384bf4d8e4722cc01528b92cefe0b3d.exe

  • Size

    20KB

  • MD5

    6384bf4d8e4722cc01528b92cefe0b3d

  • SHA1

    96ccd3fe42c057ee86d5208d18ccd6264460ac0d

  • SHA256

    5afa5474a69d794a9156e273cf174e0440d0a186ef2999aa77db6a27d1865a50

  • SHA512

    9f6abe96fe374482d5d4918e97e7bca6003689ea09be4a5a1b44248f0e5573367daabd3a2b8780d2da8975ecba749bef9f956522325125ff69e3ab25c0f8354a

  • SSDEEP

    384:XIRMOMw61y+jXQSI6vTWe1A7V6ggTkO4ChNQ/YRCIKU7ZuCR7XrJFM:XMzKVQSBL1A1gAO5jCIHZuCRXrJi

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6384bf4d8e4722cc01528b92cefe0b3d.exe
    "C:\Users\Admin\AppData\Local\Temp\6384bf4d8e4722cc01528b92cefe0b3d.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\delself0.bat
      2⤵
        PID:5068

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\delself0.bat
            Filesize

            197B

            MD5

            1675a907edc3dc960b33b04bd79c151f

            SHA1

            16dc9a9cca2457b993ab12bb49b1f7db9a6980f7

            SHA256

            f80877e016ffaed275dae668122a80be0e470ad4cf740bb0466c223954777874

            SHA512

            75665a2456e67aab7b6f2bf2255eca76c78621f40fdf413433a41b01d6bbbc89969005c0461345cd82a9ba11911d2a985bf68beb35b865d8e93759fa0a582b5d

            Download Submit

          • memory/2252-0-0x0000000000400000-0x000000000040C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2252-4-0x0000000000400000-0x000000000040C000-memory.dmp

            Filesize

            48KB

            Download