Overview

overview

10

Static

static

3

666ea2df44...46.exe

windows7-x64

3

666ea2df44...46.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2024 00:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    666ea2df44aee00fa0c7dc7d830eda46.exe

  • Size

    67KB

  • MD5

    666ea2df44aee00fa0c7dc7d830eda46

  • SHA1

    d964c51a5695b8aad2ed8459c96cb97912c72a69

  • SHA256

    500f1db6c1e58d03db0045fa91898d99ce791e7c186099913631490d21068b6c

  • SHA512

    80b878148762105f33f6e17c330078929b07efe19769e091971e8b03b91e379af19ab57c0c75f0ffe5ca6f17809f984c76db6852463219cf16e35d9d60040eb0

  • SSDEEP

    1536:ZxrENa0FEm658IAJI2OByGxBOFTYZJ5JB2mBa:LENRFEd8niByGxBJDhBa

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:616
    • C:\Users\Admin\AppData\Local\Temp\666ea2df44aee00fa0c7dc7d830eda46.exe
      "C:\Users\Admin\AppData\Local\Temp\666ea2df44aee00fa0c7dc7d830eda46.exe"
      1⤵
      • Modifies WinLogon for persistence
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1932

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/616-10-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-15-0x000000003AA30000-0x000000003AA47000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-20-0x000000003AA50000-0x000000003AA67000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-25-0x000000003AA70000-0x000000003AA87000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-30-0x000000003AA90000-0x000000003AAA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-35-0x000000003AAB0000-0x000000003AAC7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-40-0x000000003AAD0000-0x000000003AAE7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-45-0x000000003AAF0000-0x000000003AB07000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-50-0x000000003AB10000-0x000000003AB27000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-55-0x000000003AB30000-0x000000003AB47000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-60-0x000000003AB50000-0x000000003AB67000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-65-0x000000003AB70000-0x000000003AB87000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-70-0x000000003AB90000-0x000000003ABA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-75-0x000000003ABB0000-0x000000003ABC7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-80-0x000000003ABD0000-0x000000003ABE7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-85-0x000000003ABF0000-0x000000003AC07000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-90-0x000000003AC10000-0x000000003AC27000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-95-0x000000003AC30000-0x000000003AC47000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-100-0x000000003AC50000-0x000000003AC67000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-105-0x000000003AC70000-0x000000003AC87000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-110-0x000000003AC90000-0x000000003ACA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-115-0x000000003ACB0000-0x000000003ACC7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-120-0x000000003ACD0000-0x000000003ACE7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-125-0x000000003ACF0000-0x000000003AD07000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-130-0x000000003AD10000-0x000000003AD27000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-135-0x000000003AD30000-0x000000003AD47000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-140-0x000000003AD50000-0x000000003AD67000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-145-0x000000003AD70000-0x000000003AD87000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-150-0x000000003AD90000-0x000000003ADA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-155-0x000000003ADB0000-0x000000003ADC7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-160-0x000000003ADD0000-0x000000003ADE7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-165-0x000000003ADF0000-0x000000003AE07000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-170-0x000000003AE10000-0x000000003AE27000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-175-0x000000003AE30000-0x000000003AE47000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-180-0x000000003AE50000-0x000000003AE67000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-185-0x000000003AE70000-0x000000003AE87000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-190-0x000000003AE90000-0x000000003AEA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-195-0x000000003AEB0000-0x000000003AEC7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-200-0x000000003AED0000-0x000000003AEE7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-205-0x000000003AEF0000-0x000000003AF07000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-210-0x000000003AF10000-0x000000003AF27000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-215-0x000000003AF30000-0x000000003AF47000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-220-0x000000003AF50000-0x000000003AF67000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-225-0x000000003AF70000-0x000000003AF87000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-230-0x000000003AF90000-0x000000003AFA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-235-0x000000003AFB0000-0x000000003AFC7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-240-0x000000003AFD0000-0x000000003AFE7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-245-0x000000003AFF0000-0x000000003B007000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-250-0x000000003B010000-0x000000003B027000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-255-0x000000003B030000-0x000000003B047000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-260-0x000000003B050000-0x000000003B067000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-265-0x000000003B070000-0x000000003B087000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-270-0x000000003B090000-0x000000003B0A7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-275-0x000000003B0B0000-0x000000003B0C7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-280-0x000000003B0D0000-0x000000003B0E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-285-0x000000003B0F0000-0x000000003B107000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-290-0x000000003B110000-0x000000003B127000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-295-0x000000003B130000-0x000000003B147000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-300-0x000000003B150000-0x000000003B167000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-305-0x000000003B170000-0x000000003B187000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-310-0x000000003B190000-0x000000003B1A7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-315-0x000000003B1B0000-0x000000003B1C7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-320-0x000000003B1D0000-0x000000003B1E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/616-325-0x000000003B1F0000-0x000000003B207000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1932-0-0x0000000002170000-0x0000000002181000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1932-1-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

      Download