21cb27bac2b9299249a508a50586814a56c632088b95baa91b02592d868adbc6

Analysis

max time kernel
133s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

642a3973cd68fb8b154153f51a04a94d.exe
Size

778KB
MD5

642a3973cd68fb8b154153f51a04a94d
SHA1

c4ec5065bdc44de32ca065835f679f211d130566
SHA256

21cb27bac2b9299249a508a50586814a56c632088b95baa91b02592d868adbc6
SHA512

e757fe455a5d4b83c9edf0b265b56540e42bd24f6c122a0e86028eaa51a8dae804e4bdc90bec70e53f06624c9203fb3a3b9ef27b6a7e16a74b86b6d9d607a7b8
SSDEEP

24576:ViFPxWXwq38PUR1y7IncWZrsqo557m7raH:VgPk+UR1PcS6r7z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2396	642a3973cd68fb8b154153f51a04a94d.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2520	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2396	1464	642a3973cd68fb8b154153f51a04a94d.exe	88
PID 1464 wrote to memory of 2396	1464	642a3973cd68fb8b154153f51a04a94d.exe	88
PID 1464 wrote to memory of 2396	1464	642a3973cd68fb8b154153f51a04a94d.exe	88

C:\Users\Admin\AppData\Local\Temp\642a3973cd68fb8b154153f51a04a94d.exe
"C:\Users\Admin\AppData\Local\Temp\642a3973cd68fb8b154153f51a04a94d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Users\Admin\AppData\Local\Temp\is-IR8UB.tmp\642a3973cd68fb8b154153f51a04a94d.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IR8UB.tmp\642a3973cd68fb8b154153f51a04a94d.tmp" /SL5="$80064,758190,81408,C:\Users\Admin\AppData\Local\Temp\642a3973cd68fb8b154153f51a04a94d.exe"
  2⤵
  - Executes dropped EXE
  PID:2396

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4428

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-IR8UB.tmp\642a3973cd68fb8b154153f51a04a94d.tmp

Filesize
54KB

MD5
7ac46d465fcc339c548a1d5650deccb0

SHA1
7bb3b764f5ce0d7e8ec84611e7a4f94c16da96ba

SHA256
901136442409b355d2c6eacc8b689419102f17040b2e1a78381159104dfe284b

SHA512
53db1cd9f05d17f5df6be4b82e27c2f3506b967b72123b06be6f7e85c64d203abff29fd12d2e62fdf20dccc0b997b9c10238ec54ec77a69a92ff25b54e538715

Download Submit
memory/1464-11-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1464-3-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1464-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2396-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2396-10-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2396-9-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2520-12-0x0000028F56670000-0x0000028F56680000-memory.dmp

Filesize
64KB

Download
memory/2520-28-0x0000028F56770000-0x0000028F56780000-memory.dmp

Filesize
64KB

Download
memory/2520-44-0x0000028F5EAE0000-0x0000028F5EAE1000-memory.dmp

Filesize
4KB

Download
memory/2520-46-0x0000028F5EB10000-0x0000028F5EB11000-memory.dmp

Filesize
4KB

Download
memory/2520-47-0x0000028F5EB10000-0x0000028F5EB11000-memory.dmp

Filesize
4KB

Download
memory/2520-48-0x0000028F5EC20000-0x0000028F5EC21000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads