09d4d7fb4031033642dce74ed9552175f997fac7de55d7e0e697ededaf2e4f89

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 08:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
Size

126KB
MD5

71b3cace1ce9479ab6e8ca7ad21d5d4b
SHA1

98b0dd3a2956fd81b1237da0134f5d99469edece
SHA256

09d4d7fb4031033642dce74ed9552175f997fac7de55d7e0e697ededaf2e4f89
SHA512

67213b2d6333c8e499b5d8e3d8003c3aeb3ecb09bd6581fc402d57f69b217beee324b79f4c6ab9d89228cdafb4ab9577335d5cf3abcb8ed66ae8cce57fd8587c
SSDEEP

3072:sbSO0DFwaJnZ+kOCVXlo1h5PUBnayM2rivC0:QtNoZTXlo1h1Udao

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
2656	svchost.exe
2628	svchost.exe
2656	svchost.exe
2656	svchost.exe
2628	svchost.exe
2628	svchost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
2628	svchost.exe
2628	svchost.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2628	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	28
PID 2220 wrote to memory of 2628	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	28
PID 2220 wrote to memory of 2628	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	28
PID 2220 wrote to memory of 2628	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	28
PID 2220 wrote to memory of 2656	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	29
PID 2220 wrote to memory of 2656	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	29
PID 2220 wrote to memory of 2656	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	29
PID 2220 wrote to memory of 2656	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	29
PID 2220 wrote to memory of 2216	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	30
PID 2220 wrote to memory of 2216	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	30
PID 2220 wrote to memory of 2216	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	30
PID 2220 wrote to memory of 2216	2220	71b3cace1ce9479ab6e8ca7ad21d5d4b.exe	30

C:\Users\Admin\AppData\Local\Temp\71b3cace1ce9479ab6e8ca7ad21d5d4b.exe
"C:\Users\Admin\AppData\Local\Temp\71b3cace1ce9479ab6e8ca7ad21d5d4b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:2656
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3E67.tmp

Filesize
66KB

MD5
c000ea8b85128ffd33bcaf22e1b7f581

SHA1
5b7383f8022c6377da03da5aeb141a17ec9c794b

SHA256
0e9da1e280a6be3aa042b404ed742a348a2e2e6eb6b617f129e1601b14e96766

SHA512
deb1ae88e751bf6d7904c49c70ab7b270cbf8adc7a48ae24b1558d0ebe9d154746aab42ca010b86e007407d771fbe39350767de4319e2b549b54ae2c15ec531e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3E87.tmp

Filesize
96KB

MD5
80d9c0211cf96e7638530092a920a6e6

SHA1
3f2a4ab7c2763930df6f0b696d4c667a0295b2ec

SHA256
8901b052630e06786763a5a3818c149aa4a99bc61790a311bc21bd8b333225b9

SHA512
83e707c5894abae2ba1ee899c9df786815a54f08bc10ae3d9f90e5f89902042ff60618c11672b5c75760ed025fe292d0550548a8f7e671d6a054751a76ebe5eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\3ED6.tmp

Filesize
45KB

MD5
574b8c4524f7fd074a927df9f454d7a2

SHA1
b6939d1054cb8d5502da9c55196c2c74151365d8

SHA256
4612334677f06327639815a76073facd6bdea5af92ff00e47badf4c3ec8ab2ac

SHA512
3c877202729b21ac91f9f37615f24e632dbd00777cba0eb0244074ce26ea99d296d25cb2dc2b58135664f1e6275198e945ad6792bac0e4899639cb8b2f3ac705

Download Submit
\Users\Admin\AppData\Local\Temp\3BC8.tmp

Filesize
141KB

MD5
facd85079a71e9a80bf995cdce082816

SHA1
081d3ab04d8c8a142ae6ab139994d13e7675ca1a

SHA256
724cd56633cc742000e062d37bc02bbf6ef8b9602293b626960ccd0777ecd25f

SHA512
5689b810d98a19de4c2e1c22c1b9db86f836ebec1501144839f0588212072bb7cd8a464542bcdeccca4734ecca98eed8d4e1b3b8e48d9707b39970eba7417f27

Download Submit
\Users\Admin\AppData\Local\Temp\3BF8.tmp

Filesize
141KB

MD5
45cb566a836f3aa4d9e06dd602cf1aeb

SHA1
51779a602eb9a962e8c5df1b42faeb388e5339e1

SHA256
c1a961abb3efd66bacc7a64dfa47b83984db7e888a6b596b2d8d9272478ba455

SHA512
980dafbcced34eb015d10c9f22f8f5118d8c2a980fad977bd2a70c4aed80c79c0883e8926b7af98ddb873e1497e161172f824aba9690a8633606340a0bd63ee7

Download Submit
\Users\Admin\AppData\Local\Temp\3C18.tmp

Filesize
108KB

MD5
9a659c3bdff80df724920c1c9cff6c04

SHA1
e1154b33c6e1c218e18b8c9518c32e3b3a21d866

SHA256
55824258231e47d50c471d51ff58ad94633b2964813e5efc293923a06cbec6cd

SHA512
3488bbe4ea01f5c79fcec82695ce523a65de22d74c87242a8ea807eb784e6b2c0cec942e99a07dbd1e4796bb23fcd2cd5e940a09c007fef90e9f637634768710

Download Submit
\Users\Admin\AppData\Local\Temp\3E29.tmp

Filesize
82KB

MD5
025ac9c2eaa37efe27598310a6d290f0

SHA1
b1ae36fcd934ffd226a904764e07cbc00c67aa62

SHA256
10bbed940e13d0e433ba855875c40167ed89c4c88fb17fdecdf8d8f8bc9a21c3

SHA512
0cbdb38a2c098352b5df80b9297bc794ca0fb25cf6b0148fef83c1a618aa06de4cfd6aea049b937109b8646804c3be6b73d8c004db97c4c21f5aef97f998c6a5

Download Submit
\Users\Admin\AppData\Local\Temp\3E67.tmp

Filesize
49KB

MD5
b20dbe72561f2e82839c508e171940e8

SHA1
00fec88378c9683a21647afd99e0683ad9ad23c4

SHA256
34569ff1de5b08facda444ec2b99cfc6d59ff8ce4dfaf516931d08c51f1447b9

SHA512
5a09f7b850bb8f432af2a5d51a8017387a6d3951b7f0e60a1d08922c5d025dc10a1b6ef30a4d0e67f61afdcff435c237878b3ad10007766878050c32ba45375f

Download Submit
\Users\Admin\AppData\Local\Temp\3E87.tmp

Filesize
45KB

MD5
0be442035914e1b12d45475fbedaeb7a

SHA1
db642d43dadfc9d0917820e3f1e4b20050031761

SHA256
ed1b7fecafe217d7810928409d0938056b236c8fc856a841d196b4c53a3e00a3

SHA512
29de0f6988470a6041472ba3b62540c258747eb067180d2de07fa14ddd55967ed6ecae7adf8e0c3c40c7339f3639804f1ebddcb87e8884aebda0aefad8a007a6

Download Submit
\Users\Admin\AppData\Local\Temp\3E97.tmp

Filesize
121KB

MD5
8385dfaded74598446b41ba658ecb364

SHA1
3602528ced360452dd8a5e20c6f582f7bf06297e

SHA256
ddee385d22dc3e7e4dc609a5a6edb35b5d7b1caa6d9b96d8886c35487267f3d9

SHA512
d48cba4b0899d0898fe6aee8c2ada81ae6d3fb15139079fa854877166093e91a5bcfd71acd3ddeca74bc8ba6da366aea2a7986e7f05bda4caefbac02c6b5741e

Download Submit
\Users\Admin\AppData\Local\Temp\3EA8.tmp

Filesize
39KB

MD5
b4fad320b26b51ef94eac4d8cd065e26

SHA1
58d4dba55d6fe10de5669504f58ba6ee2d6d9bf3

SHA256
479ab31b213169bc6478affd47b51da80bbabe09eac62d700aec72d8cfb3367e

SHA512
6c97943ee8b01fc9398780333c93228da4dd46d73309ab3d6a8b2198d6814cc03d6e9547742a92c67959a98486a1c8170ac7e02200719bed8fe775a26a066136

Download Submit
\Users\Admin\AppData\Local\Temp\3ED6.tmp

Filesize
103KB

MD5
821baa009fbf543d4a5f0f62049d7d54

SHA1
264a83f80e38a33cb71438f5baf20aede12ea97f

SHA256
94b80c9bdd85db35e166ec3aebe58c31ab6fcaa743987adafe43f05ff3f5d635

SHA512
e5417ebac285de873f9bc631f510339b233d3ea69083fe5cb22ed6cd4fdfd574cd1a4e8f22a6b42223e209a3845c1469c1ad6109c83a7636466baaaa36d0adab

Download Submit
memory/2220-36-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-57-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-77-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2220-13-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-65-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-52-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-50-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-48-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-14-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-16-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-39-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-29-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-4-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2220-2-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2220-1-0x00000000002B0000-0x00000000002FC000-memory.dmp

Filesize
304KB

Download
memory/2220-17-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-82-0x00000000002B0000-0x00000000002FC000-memory.dmp

Filesize
304KB

Download
memory/2220-80-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2220-78-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-76-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-75-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-74-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-73-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-72-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-71-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-70-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-68-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-66-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-64-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-63-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-62-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-61-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-60-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-59-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-58-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-69-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-56-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-55-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-53-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-47-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-46-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-45-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-44-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-43-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-42-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-41-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-38-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-37-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-0-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2220-35-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-34-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-33-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-32-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-31-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-30-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-27-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-26-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-25-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-24-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-23-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-22-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-21-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-20-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-19-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2220-18-0x0000000000330000-0x0000000000339000-memory.dmp

Filesize
36KB

Download
memory/2628-102-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2628-103-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2628-83-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2628-105-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2656-85-0x00000000000C0000-0x00000000000FA000-memory.dmp

Filesize
232KB

Download
memory/2656-108-0x00000000000C0000-0x00000000000FA000-memory.dmp

Filesize
232KB

Download