67ede6407855ec22985a843b52f5d5ad8169aafc396606f742029bf05d10233f

Analysis

max time kernel
145s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641cd01e7405ae9fea7ab07cd90d7e92.exe
Size

593KB
MD5

641cd01e7405ae9fea7ab07cd90d7e92
SHA1

3eb0d97da4b62692ceca9ea7045ed3cc8356ecdf
SHA256

67ede6407855ec22985a843b52f5d5ad8169aafc396606f742029bf05d10233f
SHA512

b4d77a5d7c86b6c59cb704e2258d6acd7711b60f6b06d64b78ba4fd8cbe4e3c4a6c60ea92130490f5ee1b25cc5f587bce0e93ba12be6782653e1e784d07ea33b
SSDEEP

12288:xH6kPIA9mR9jXZkTMxRACxFF3Z4mxxtRvz2JG0/BY:xHNB9mRRpk4xWCHQmXtgJG0/G

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2580	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2740	Hacker.com.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	641cd01e7405ae9fea7ab07cd90d7e92.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	641cd01e7405ae9fea7ab07cd90d7e92.exe
File created	C:\Windows\uninstal.bat	641cd01e7405ae9fea7ab07cd90d7e92.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe
Token: SeDebugPrivilege	2740	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2740	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2580	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe	30
PID 2092 wrote to memory of 2580	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe	30
PID 2092 wrote to memory of 2580	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe	30
PID 2092 wrote to memory of 2580	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe	30
PID 2092 wrote to memory of 2580	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe	30
PID 2092 wrote to memory of 2580	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe	30
PID 2092 wrote to memory of 2580	2092	641cd01e7405ae9fea7ab07cd90d7e92.exe	30
PID 2740 wrote to memory of 2464	2740	Hacker.com.cn.exe	29
PID 2740 wrote to memory of 2464	2740	Hacker.com.cn.exe	29
PID 2740 wrote to memory of 2464	2740	Hacker.com.cn.exe	29
PID 2740 wrote to memory of 2464	2740	Hacker.com.cn.exe	29

C:\Users\Admin\AppData\Local\Temp\641cd01e7405ae9fea7ab07cd90d7e92.exe
"C:\Users\Admin\AppData\Local\Temp\641cd01e7405ae9fea7ab07cd90d7e92.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.bat
  2⤵
  - Deletes itself
  PID:2580

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
267KB

MD5
2cd6515d158d87c363b0ffa29e3b9b2a

SHA1
0c6516d8ae0ebaefa9c6ed430e8d2ff7676f0b3c

SHA256
d2a8026d0747ba46e93ff08724a90254cd245ff00600e25901dfb59041979eae

SHA512
47744f0246eca7f1d0c4e49965773107084911a0b124ad16db681b659dfae7b957c469ce08455378f81c805baa6661e33749a91df971a2294b63b5a526e8709b

Download Submit
C:\Windows\Hacker.com.cn.exe

Filesize
205KB

MD5
bb740e73f1b9186cc2e9a5e298bbc136

SHA1
7f23ca3bcfb0d6711247abcada6861e5d406e6c3

SHA256
a728c514cd12031ab7933f52241ca94dc82489857e57a8f75e0776c2cf7c513f

SHA512
d404c39cff4ae97ab4ae3a30d6a1dadc0400ed91dc11345df7c760c1fb3ebd480d7115e5857177ccabe47e4f89ecd053f216d3f0c2a0b9996d59da3249d24056

Download Submit
C:\Windows\uninstal.bat

Filesize
190B

MD5
09cc8a879facab99fcec5aab71cac9b5

SHA1
1296068e439a723274cc816a81f5af47c1987401

SHA256
6640aa359a1049ceda71efb7db48842866f1a9199128f37e17e16fc840ccffba

SHA512
e99ff744bef58f2d0b0403e335c7d917cf7eedda6c8b5e39483b67410a84247c6440f9e3621c8bf31e958b1e457310032c674b58382667fc59545695f4b94058

Download Submit
memory/2092-0-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/2092-1-0x0000000000570000-0x00000000005C4000-memory.dmp

Filesize
336KB

Download
memory/2092-2-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/2092-3-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/2092-4-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/2092-5-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/2092-6-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2092-7-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/2092-8-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/2092-10-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/2092-11-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/2092-9-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/2092-12-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-13-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-17-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-18-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-16-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-20-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-19-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-21-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-22-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-23-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-24-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-25-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-26-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-27-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-28-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-29-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-33-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-32-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-31-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-36-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-34-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-39-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-44-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-43-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-42-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-40-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-46-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-48-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-47-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-45-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-53-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-55-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-54-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-52-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-56-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-51-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-50-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-49-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-41-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-59-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-60-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-61-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-62-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-63-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-57-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-38-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-65-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-64-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-66-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-79-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/2092-67-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-37-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-35-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2092-30-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/2740-68-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/2740-82-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download