1c64ddccc741b77f3be2a7a818612432794ec8c0f4882cd17af37a7812807922

Analysis

max time kernel
136s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6704ef3db9bff4f5b91f8d68a09503bf.exe
Size

305KB
MD5

6704ef3db9bff4f5b91f8d68a09503bf
SHA1

b7bcae51ac1a6b24925ba7ace36443f85194c9c4
SHA256

1c64ddccc741b77f3be2a7a818612432794ec8c0f4882cd17af37a7812807922
SHA512

a13c41997c7e26c332bef32096cd9b963e6f81f4a783e895031ad8cc228e7356efb98e6a51677f08bf374d350dbd922a689bc4cfece0e5b5ec5c2d0c8674ce7e
SSDEEP

6144:M/2SMznif2PSqAsi+O6Fe73SLjHTfGG0KeAP9y5sO:M/g75nA1+O6g3SL36cw5X

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2728	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2256	system

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	6704ef3db9bff4f5b91f8d68a09503bf.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe
Token: SeDebugPrivilege	2256	system

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	system

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2728	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe	29
PID 2420 wrote to memory of 2728	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe	29
PID 2420 wrote to memory of 2728	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe	29
PID 2420 wrote to memory of 2728	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe	29
PID 2420 wrote to memory of 2728	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe	29
PID 2420 wrote to memory of 2728	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe	29
PID 2420 wrote to memory of 2728	2420	6704ef3db9bff4f5b91f8d68a09503bf.exe	29

C:\Users\Admin\AppData\Local\Temp\6704ef3db9bff4f5b91f8d68a09503bf.exe
"C:\Users\Admin\AppData\Local\Temp\6704ef3db9bff4f5b91f8d68a09503bf.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.bat
  2⤵
  - Deletes itself
  PID:2728

C:\Windowssystem\system
C:\Windowssystem\system
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\uninstal.bat

Filesize
190B

MD5
6c25f0995bc3319c1da31bd6d84daff2

SHA1
583f866645d28f2aeff4504a3bdccee720f26fef

SHA256
468ca690ff393cce2a3b6b711a1b2f2d724c62da24ff2305ece7868cb839bb5e

SHA512
f6002aa9b9345a961736732953205940057d8732f11285a8d575515f8571e17ba31f07ef328a8525c54bb5993d3040885eb9070cf80dc33c3d2daeebd674e197

Download Submit
C:\Windowssystem\system

Filesize
305KB

MD5
6704ef3db9bff4f5b91f8d68a09503bf

SHA1
b7bcae51ac1a6b24925ba7ace36443f85194c9c4

SHA256
1c64ddccc741b77f3be2a7a818612432794ec8c0f4882cd17af37a7812807922

SHA512
a13c41997c7e26c332bef32096cd9b963e6f81f4a783e895031ad8cc228e7356efb98e6a51677f08bf374d350dbd922a689bc4cfece0e5b5ec5c2d0c8674ce7e

Download Submit
memory/2256-14-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2256-15-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2256-27-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2256-26-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2256-16-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2256-13-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2256-10-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2256-11-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2256-12-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2420-8-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2420-0-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2420-2-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2420-3-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2420-1-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2420-7-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download
memory/2420-4-0x0000000000400000-0x00000000004C915D-memory.dmp

Filesize
804KB

Download