Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
22/01/2024, 17:47
Behavioral task
behavioral1
Sample
6febf9009df8b33329a8e746ac27f334.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6febf9009df8b33329a8e746ac27f334.exe
Resource
win10v2004-20231215-en
General
-
Target
6febf9009df8b33329a8e746ac27f334.exe
-
Size
5.7MB
-
MD5
6febf9009df8b33329a8e746ac27f334
-
SHA1
a986814ea927d3c6c7e229eed2b22b7b03e139e2
-
SHA256
ad16e884ae04e09b369bd2febbf1e928a556286909192702c82fd8b573bd461b
-
SHA512
cf044c5bc1770a497a9fb1fe03ac30d6d10b50c1bc871468250feb8fea9fb80bccbd338c7887a095d9a3c8d04338b514e9111faebcf6ac19ccfec927990f0e69
-
SSDEEP
98304:5oMJ3z2O5lMrxpOB1v7sHz/M9Aet17bjCma4WLB3w+vsEHgQ4/jDSDWzyeva/FBW:aQjZ5lMNpa1Az/qthCmWLdZHQztva/rS
Malware Config
Signatures
-
Loads dropped DLL 11 IoCs
pid  Process
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
848  6febf9009df8b33329a8e746ac27f334.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description              pid  Process
Token: 35                848  6febf9009df8b33329a8e746ac27f334.exe
Token: SeDebugPrivilege  848  6febf9009df8b33329a8e746ac27f334.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
description                       pid   Process                               procid_target
PID 3224 wrote to memory of 848   3224  6febf9009df8b33329a8e746ac27f334.exe  87
PID 3224 wrote to memory of 848   3224  6febf9009df8b33329a8e746ac27f334.exe  87
PID 3224 wrote to memory of 848   3224  6febf9009df8b33329a8e746ac27f334.exe  87
PID 848 wrote to memory of 2976   848   6febf9009df8b33329a8e746ac27f334.exe  89
PID 848 wrote to memory of 2976   848   6febf9009df8b33329a8e746ac27f334.exe  89
PID 848 wrote to memory of 2976   848   6febf9009df8b33329a8e746ac27f334.exe  89
-
Processes
-
C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
"C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
- Suspicious use of WriteProcessMemory
PID:3224
-
  C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
  "C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:848
  -
    C:\windows\SysWOW64\schtasks.exe
    C:\windows\system32\schtasks.exe
    PID:2976
-
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
81KB
MD5
a2523ea6950e248cbdf18c9ea1a844f6
SHA1
549c8c2a96605f90d79a872be73efb5d40965444
SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4
SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a
-
Filesize
69KB
MD5
349b15b78e073cf51e87396264b46458
SHA1
feb9d0cc20b039247b7575162f902193998d07d4
SHA256
3163faab1d971649e78497200382286cac7b4c9302dd49c2fab8be287466f89b
SHA512
7509d19a4566559d1b701db3249d44bd58bfc62585f4251c27bf91bdcab4d6bd20cc46b63a5410370dbe30cc5cab6bca143b9db1325aca2ee98621b1ecee5b81
-
Filesize
93KB
MD5
3af3107bb4bbe61cf16075ea8196cfcc
SHA1
e87b263dc73047a7f72af74b02d3deefd76c97dd
SHA256
5dfe799784ab7fb0727bfed0edf16cc582dbf38eefac16b487874693c707c762
SHA512
564895b93154916900b67c6e382ebaf0fe3953dbff9c4b6c99f74691e5f7282e28520a4cdcec5dcb6d199806aa33d7904865159d722c88839883913b9661bcaa
-
Filesize
559KB
MD5
a68d3b7c5dbb52a63a59fb7464e4cfcc
SHA1
ca080a3452bd4bb80437fc6856b9c49d21b9429e
SHA256
f87688f17820a0ba7c3a785dac32a110cf81c5a341eb7036f57af4a3b19e70a2
SHA512
0c0bf79e56927868956ce731e16f1ff2cfc98775952313139dd78e0877fe4310f7304b64d10691fc6718aa82868623aa18fd45df6e0c54cdf1e313127372d9a0
-
Filesize
471KB
MD5
e55faaaf0e82fc0e0755ee4633fac2d1
SHA1
31f93c6059f446f6ce56c409b2641facd072b75e
SHA256
ba6331b07b136b921bd624036f9a69bc7053ac76d7b8953f2bb73d37e9f4f628
SHA512
32f40a634301be1351ac5d66a0c32e258c3e0d4351c107ee762406fee9084b1a92216c61aad7bf12af2cc389de51b3fa0f0474b53a3b96b2d64206483bf625f6
-
Filesize
172KB
MD5
41c28d076a29ef39ada6a88c13a20f26
SHA1
b679297c4fddf2a083901820b3831e9defeb8868
SHA256
6e1beffb1735804a476b247c364c636a6d8205c59fe6817f91d4765f40684d35
SHA512
c40a60a6b31d81c7e18cc2dfec62c75e6a00c5336201c40b61df11489ae68e399f8321c6c5bdb21c5e41fa73c5bc6a2b2d43c998ddd3a2730dd2d8db362cfff7
-
Filesize
53KB
MD5
7e3a0b776d9f2e541cc229914550f73c
SHA1
8a4804554da4fda9b5ee26350892160cb68b3192
SHA256
25605e93c25765780296a13b131eeeccc058e85e75396782a431923b8e5986ee
SHA512
8f3aa12b83b960c99c43d478fa78dd5319d1cb8095834246e769990e75bd3af22690dc212867bd3a1a358eddd5bb2bf119f9fd8b1a92e689ceb98a77411e24c4
-
Filesize
261KB
MD5
a10957cea5320b03c2f4a710c2e5b63e
SHA1
53700a6efa3bd3e8b3598a8d422f742464a87d3b
SHA256
0ce7a5de2667fc2678b1ea72551d1b45d27d1dbf16de34b951b7a48e6b4956bf
SHA512
c468505017e2033bb2de2d47fd93ac1ff74c76bb4184037f57e882196119907d4a770994980c73cf211e6c9511a26546e987bf72cf596fb20af69878b4239e67
-
Filesize
294KB
MD5
b4965c2d1addb0058f30a7855a36ce7f
SHA1
4e1bc5455efcd2c8fdeeb3d013c0b7148650c168
SHA256
aeb2a7b773e3d76d16cb2518580b6056a2f86a21571849dee55e67c32a73ce04
SHA512
c67cdf61aa1d9e06172f55a65e894a6afc644cd64d46ce185aa57addc0472d54dfdb42955c4ec916df10171c02d2a35f3a74174a89a4be487981c8b4e659af9e
-
Filesize
430KB
MD5
2aff2e153eafc1f37acc3e3f77ddebb4
SHA1
8adeedcbaa5161532cae246351dfb01875903d16
SHA256
6f05d6d6b273bb01cda064cce941f1b76b276915f0e6411db2f08ca4a3d8d9ad
SHA512
9d3a1d7ce77f5b759ad8b51acc72c14146aa524698260b8c42abcc2ee121f5343a755086a49dd9fa4b1e5ab750dbe842d02c3a09e172866852ba0ed245fb42d0
-
Filesize
54KB
MD5
95e7df8d97acddd70efc26aa1efe0a7c
SHA1
1dcbcdde4cf6adc64882086ace539c8b86d313d8
SHA256
b2af31f74b0963f45ea5dd5df2948a0713c837776c57c57da4f772da132ed818
SHA512
b78e6e1a90c5a36fdc042ee11466e0ee70588e207d31791da17021be16e487dc4d5c44efd1b576206f194b5de14fd5d7e42b813245abedb05f5fdcc55a238b04
-
Filesize
1.1MB
MD5
6316907faca8ed91e8477eeb1cb62b36
SHA1
5e6816c064538b8ef110f30a67df2c30b965ea23
SHA256
606171464bf27f67bea8d08e8015fd6777ab8b574c22691a29254098b3f94e25
SHA512
f53c7a39f151c19d63872c4ae4e0daebf4229b5332eede56da390b719eabc0dffa2ff4e72bd51a5728ac26aac1752abd30b7d5d5716fe6fc7a97a98faa3f10f7
-
Filesize
833KB
MD5
f6732a596a2e62c14d733eb023da7916
SHA1
71bea1945ee05843003badc29d0b18efc47edc06
SHA256
ee7c2c685280b3981def8da10a3247335649c22bcfd464f991ac4c11d02e31f0
SHA512
0916a5ef9aa508d0d33544c8aaef14162f4c04a924daa3386a3a1ba7741711b91fdcb1628b06266598afb163f0ddb993646a7e1df792e3d213cbb75c829a8b0c
-
Filesize
16KB
MD5
53180ac77de73a05568cc8f7bf0ccc37
SHA1
1ae29bd26716b46a4c441f9454169d6a26d451b1
SHA256
11bad8fccaf9cd3c8a1de238a6dad3a4289be1d2e1d97bacf213cd0f3c2b1e75
SHA512
0b30ba9478a7d91c1a3d143d997a4d1e1288dd53f4586005b62f9d64a3d0b051d0b1ae8dd8d252dd36ca57e997138927dd7f22a3d43234432927f6156cb1d3cb
-
Filesize
1KB
MD5
25d73be1f056a07f175030fb2c2cba42
SHA1
c7b316ae764192c0caae5d1dbf218024f8a4857b
SHA256
d77e1a1da4150ec7670f5d77d718ba4af2bcf6e6cf5c57eebc767c60bb34e135
SHA512
27e87160fde48fe973a343b3c629e97d1b391e759fcf09ed4c5d3621939c6ce58cef2e26891b986b7f19cbb8d48b114efcd2db9b0e68fa6567b28d3ccebdbe33
-
Filesize
419KB
MD5
a9ae2ac9a00561f6915612e87bfb2170
SHA1
9d2bb2639e06ef9613b99499ec9a14b84bfdd2da
SHA256
c3a4b9c9cae4abeaefe5489cc81ff3f33177558dd2119a1bdbdcec4ed8443788
SHA512
85f4369f0a8c03b366f47772532365aab9880a2682025638d62387be846b404ff2de76aa0788b75a21d1330875c1a218589f96908d197f833b9f686a67f545c6
-
Filesize
459KB
MD5
cf6e427596548d7ba041cd83dacfb46d
SHA1
cdef6bffe65cc618e408bbe575180436cb0663ca
SHA256
405f65e1fe6f3c2df4f4f3fe62598002153645368037a2b8d01a2dff466126c1
SHA512
9684f37bdfbe7bd2b8965b94305b971953699cf741acf028e1cb54451bf0a630c808a00c26f1b0a498f48c7bbcfc07ab459460a600032d98fb0dbd90f7cec505