Analysis
  max time kernel:  122s
  max time network: 126s
  platform:         windows7_x64
  resource:         win7-20231215-en
  resource tags:    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted:        22/01/2024, 17:47
Behavioral task: behavioral1
  Sample:   6febf9009df8b33329a8e746ac27f334.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample:   6febf9009df8b33329a8e746ac27f334.exe
  Resource: win10v2004-20231215-en
General
  Target: 6febf9009df8b33329a8e746ac27f334.exe
  Size:   5.7MB
  MD5:    6febf9009df8b33329a8e746ac27f334
  SHA1:   a986814ea927d3c6c7e229eed2b22b7b03e139e2
  SHA256: ad16e884ae04e09b369bd2febbf1e928a556286909192702c82fd8b573bd461b
  SHA512: cf044c5bc1770a497a9fb1fe03ac30d6d10b50c1bc871468250feb8fea9fb80bccbd338c7887a095d9a3c8d04338b514e9111faebcf6ac19ccfec927990f0e69
  SSDEEP: 98304:5oMJ3z2O5lMrxpOB1v7sHz/M9Aet17bjCma4WLB3w+vsEHgQ4/jDSDWzyeva/FBW:aQjZ5lMNpa1Az/qthCmWLdZHQztva/rS
Malware Config
Signatures

- Loads dropped DLL (11 IoCs)
  pid   Process
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe
  2780  6febf9009df8b33329a8e746ac27f334.exe

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description              pid   Process
  Token: 35                2780  6febf9009df8b33329a8e746ac27f334.exe
  Token: SeDebugPrivilege  2780  6febf9009df8b33329a8e746ac27f334.exe

- Suspicious use of WriteProcessMemory (8 IoCs)
  description                       pid   Process                               procid_target
  PID 1068 wrote to memory of 2780  1068  6febf9009df8b33329a8e746ac27f334.exe  29
  PID 1068 wrote to memory of 2780  1068  6febf9009df8b33329a8e746ac27f334.exe  29
  PID 1068 wrote to memory of 2780  1068  6febf9009df8b33329a8e746ac27f334.exe  29
  PID 1068 wrote to memory of 2780  1068  6febf9009df8b33329a8e746ac27f334.exe  29
  PID 2780 wrote to memory of 2612  2780  6febf9009df8b33329a8e746ac27f334.exe  30
  PID 2780 wrote to memory of 2612  2780  6febf9009df8b33329a8e746ac27f334.exe  30
  PID 2780 wrote to memory of 2612  2780  6febf9009df8b33329a8e746ac27f334.exe  30
  PID 2780 wrote to memory of 2612  2780  6febf9009df8b33329a8e746ac27f334.exe  30
Processes

  C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
    PID: 1068
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
      PID: 2780
      - Loads dropped DLL
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory

      C:\windows\SysWOW64\schtasks.exe
        Command line: C:\windows\system32\schtasks.exe
        PID: 2612
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 81KB
  MD5:    a2523ea6950e248cbdf18c9ea1a844f6
  SHA1:   549c8c2a96605f90d79a872be73efb5d40965444
  SHA256: 6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4
  SHA512: 2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

- Filesize: 93KB
  MD5:    3af3107bb4bbe61cf16075ea8196cfcc
  SHA1:   e87b263dc73047a7f72af74b02d3deefd76c97dd
  SHA256: 5dfe799784ab7fb0727bfed0edf16cc582dbf38eefac16b487874693c707c762
  SHA512: 564895b93154916900b67c6e382ebaf0fe3953dbff9c4b6c99f74691e5f7282e28520a4cdcec5dcb6d199806aa33d7904865159d722c88839883913b9661bcaa

- Filesize: 1.1MB
  MD5:    4b513969daebd22c88a6453607a70cc1
  SHA1:   03cba2aaccab6498bdd3fb9e7b7900741d89374f
  SHA256: f549a7a432ad4dbdcd6343d44550fb7d94fd34881487d420aca6db2704378022
  SHA512: 02f8af9f25479941a9657f06268e00db2026f2d405244964290b0fe97cdf72e0bef0d10cc52e6bcaaf2105849d1ff6f23a14f11275cfe8c4b3d3e03a7857d5c7

- Filesize: 172KB
  MD5:    41c28d076a29ef39ada6a88c13a20f26
  SHA1:   b679297c4fddf2a083901820b3831e9defeb8868
  SHA256: 6e1beffb1735804a476b247c364c636a6d8205c59fe6817f91d4765f40684d35
  SHA512: c40a60a6b31d81c7e18cc2dfec62c75e6a00c5336201c40b61df11489ae68e399f8321c6c5bdb21c5e41fa73c5bc6a2b2d43c998ddd3a2730dd2d8db362cfff7

- Filesize: 53KB
  MD5:    7e3a0b776d9f2e541cc229914550f73c
  SHA1:   8a4804554da4fda9b5ee26350892160cb68b3192
  SHA256: 25605e93c25765780296a13b131eeeccc058e85e75396782a431923b8e5986ee
  SHA512: 8f3aa12b83b960c99c43d478fa78dd5319d1cb8095834246e769990e75bd3af22690dc212867bd3a1a358eddd5bb2bf119f9fd8b1a92e689ceb98a77411e24c4

- Filesize: 1.4MB
  MD5:    390f2cfcb0a28c8b40dc765027db860a
  SHA1:   a847084eebb1b4cc5b391654b14cfaa20fba9951
  SHA256: 2a8968976eefa6654ad0180c84827cfdf846fecac371921cb4c1429f7482d202
  SHA512: 48f99918bb0f13d5989406fcc748ea86d4f9053379bef59c81bf48c62ae4563fcccb709f8d00b4b2b29a4f7b7c5c836e9cfec5314ecff7fdf07d98d1701e9c75

- Filesize: 718KB
  MD5:    5014f4d3db24de420a401c0778918e2c
  SHA1:   3a595c6a983a93a7753870252f163dc8a1fc79ca
  SHA256: 22dd03af519c999f114f44049d350e0cc886323a06a79854068adc7e568caae3
  SHA512: 143a689e591f483296e906ce4ac4295ad8476610802515315fc4d8af42dd228c00680ecfa6a08a4cfc2d2d1b9438b64a5ece24345c32c6addb18790579449152

- Filesize: 54KB
  MD5:    95e7df8d97acddd70efc26aa1efe0a7c
  SHA1:   1dcbcdde4cf6adc64882086ace539c8b86d313d8
  SHA256: b2af31f74b0963f45ea5dd5df2948a0713c837776c57c57da4f772da132ed818
  SHA512: b78e6e1a90c5a36fdc042ee11466e0ee70588e207d31791da17021be16e487dc4d5c44efd1b576206f194b5de14fd5d7e42b813245abedb05f5fdcc55a238b04

- Filesize: 3.1MB
  MD5:    56c6b77c9e833643eb8879cba8b25ca4
  SHA1:   42e476ae69ce242ac8568157051ccc5b2690188f
  SHA256: 9829b8779d904e95972e751c1d6e275c07027e642dde03b63f9c62f67daf73d7
  SHA512: 3afe1d94cd2f50d3fd33d65364969a538b9d8401977cdf46a0f5bdf5595ceb80e6ce9e36b7349a664a35afb6d8a4910ac623c1ae86936a4c0794d7fec6ded1e8

- Filesize: 1KB
  MD5:    25d73be1f056a07f175030fb2c2cba42
  SHA1:   c7b316ae764192c0caae5d1dbf218024f8a4857b
  SHA256: d77e1a1da4150ec7670f5d77d718ba4af2bcf6e6cf5c57eebc767c60bb34e135
  SHA512: 27e87160fde48fe973a343b3c629e97d1b391e759fcf09ed4c5d3621939c6ce58cef2e26891b986b7f19cbb8d48b114efcd2db9b0e68fa6567b28d3ccebdbe33

- Filesize: 868KB
  MD5:    508f09979281f99a61d8a2d2165614dd
  SHA1:   c7f04719b0325c5c2e2de2b9ea9e2db81f8376ee
  SHA256: fad1cb2d4eb57612461bc6fa75c6ee827d7fbef15a78031ec9ea251312ba0f0e
  SHA512: 8ce9ac7ff375dc820aaadc7ef558da6dd34b66abb7a19095e5aaf43e3717d5b0f03b1d9a3886baa23772a3bf0fa97e4eacccb572bd416ec72e599dba516d1a3d

- Filesize: 69KB
  MD5:    349b15b78e073cf51e87396264b46458
  SHA1:   feb9d0cc20b039247b7575162f902193998d07d4
  SHA256: 3163faab1d971649e78497200382286cac7b4c9302dd49c2fab8be287466f89b
  SHA512: 7509d19a4566559d1b701db3249d44bd58bfc62585f4251c27bf91bdcab4d6bd20cc46b63a5410370dbe30cc5cab6bca143b9db1325aca2ee98621b1ecee5b81

- Filesize: 16KB
  MD5:    53180ac77de73a05568cc8f7bf0ccc37
  SHA1:   1ae29bd26716b46a4c441f9454169d6a26d451b1
  SHA256: 11bad8fccaf9cd3c8a1de238a6dad3a4289be1d2e1d97bacf213cd0f3c2b1e75
  SHA512: 0b30ba9478a7d91c1a3d143d997a4d1e1288dd53f4586005b62f9d64a3d0b051d0b1ae8dd8d252dd36ca57e997138927dd7f22a3d43234432927f6156cb1d3cb