8dfa32753eee1068faedf508a48bf664423f8898f9f917937d87b0965438e685

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72ca2790b547b9320b70a5045a3402f3.exe
Size

582KB
MD5

72ca2790b547b9320b70a5045a3402f3
SHA1

18fe14b89515870f73809d75a3fd68f892a03799
SHA256

8dfa32753eee1068faedf508a48bf664423f8898f9f917937d87b0965438e685
SHA512

fe5585cd1a224168a8cf1ebe126eaf7aac2f8a9e918bd0ae5b7963e2d19bb5c5c7d18bf46088cda5ac2cafb1bbe151e0e7433dc3488983c31e95ed1e8cc71768
SSDEEP

12288:sgm+Fs4edjCtdK7BFWp1VrfR5J6CytH19mDgQusbIZhY+JWFFHs:sHKsfIqdEbBfR5J6CCOlx0PY+kzH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2660	EntMian.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\EntMian.exe	72ca2790b547b9320b70a5045a3402f3.exe
File created	C:\Windows\EntMian.exe	72ca2790b547b9320b70a5045a3402f3.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1708	72ca2790b547b9320b70a5045a3402f3.exe
Token: SeDebugPrivilege	2660	EntMian.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2660	EntMian.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2668	2660	EntMian.exe	29
PID 2660 wrote to memory of 2668	2660	EntMian.exe	29
PID 2660 wrote to memory of 2668	2660	EntMian.exe	29
PID 2660 wrote to memory of 2668	2660	EntMian.exe	29

C:\Users\Admin\AppData\Local\Temp\72ca2790b547b9320b70a5045a3402f3.exe
"C:\Users\Admin\AppData\Local\Temp\72ca2790b547b9320b70a5045a3402f3.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1708

C:\Windows\EntMian.exe
C:\Windows\EntMian.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\EntMian.exe

Filesize
582KB

MD5
72ca2790b547b9320b70a5045a3402f3

SHA1
18fe14b89515870f73809d75a3fd68f892a03799

SHA256
8dfa32753eee1068faedf508a48bf664423f8898f9f917937d87b0965438e685

SHA512
fe5585cd1a224168a8cf1ebe126eaf7aac2f8a9e918bd0ae5b7963e2d19bb5c5c7d18bf46088cda5ac2cafb1bbe151e0e7433dc3488983c31e95ed1e8cc71768

Download Submit
memory/1708-10-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/1708-22-0x0000000000380000-0x00000000003CB000-memory.dmp

Filesize
300KB

Download
memory/1708-3-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/1708-5-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/1708-4-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/1708-6-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/1708-7-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/1708-8-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/1708-9-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download
memory/1708-0-0x0000000000400000-0x0000000000509D94-memory.dmp

Filesize
1.0MB

Download
memory/1708-2-0x0000000000380000-0x00000000003CB000-memory.dmp

Filesize
300KB

Download
memory/1708-23-0x0000000000400000-0x0000000000509D94-memory.dmp

Filesize
1.0MB

Download
memory/1708-1-0x0000000000400000-0x0000000000509D94-memory.dmp

Filesize
1.0MB

Download
memory/2660-14-0x0000000000400000-0x0000000000509D94-memory.dmp

Filesize
1.0MB

Download
memory/2660-17-0x0000000002730000-0x0000000002830000-memory.dmp

Filesize
1024KB

Download
memory/2660-19-0x0000000002730000-0x0000000002830000-memory.dmp

Filesize
1024KB

Download
memory/2660-21-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/2660-20-0x0000000000400000-0x0000000000509D94-memory.dmp

Filesize
1.0MB

Download
memory/2660-16-0x0000000002730000-0x0000000002830000-memory.dmp

Filesize
1024KB

Download
memory/2660-15-0x0000000000310000-0x000000000035B000-memory.dmp

Filesize
300KB

Download
memory/2660-24-0x0000000000400000-0x0000000000509D94-memory.dmp

Filesize
1.0MB

Download