Overview

overview

10

Static

static

3

7674328516...15.exe

windows7-x64

10

7674328516...15.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 05:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    76743285168be592101fd5dc61ea8d15.exe

  • Size

    257KB

  • MD5

    76743285168be592101fd5dc61ea8d15

  • SHA1

    a37062fb3aab988439bd15228670dbbe83de492c

  • SHA256

    7b2ce0cfe2e1dd022dd430a329ad645a40ae028d5d7e4d42eb917ce1d54d58b5

  • SHA512

    d09455ae06b66462aee73d5d9d0793c4b6ef5f206960bd7d846d5cff8d6db5208dc5322b62bc861f99925ee3c34d5475a606528a188ba6dd568eab7840d86681

  • SSDEEP

    3072:UicFgFSqXNa0s3o2MV2SwcfjUGkmj1AWFhGIhtrJG+2ozcQU8gh1yhw7yds5VLGM:RXNNSo2EscAxmpDGIhtrTpUpH15WJS3

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76743285168be592101fd5dc61ea8d15.exe
    "C:\Users\Admin\AppData\Local\Temp\76743285168be592101fd5dc61ea8d15.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Modifies WinLogon
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4936

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4936-0-0x0000000000400000-0x0000000000502000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4936-1-0x00000000022F0000-0x0000000002356000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4936-2-0x0000000000400000-0x0000000000502000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4936-4-0x0000000002800000-0x00000000028B2000-memory.dmp

          Filesize

          712KB

          Download

        • memory/4936-5-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-7-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-9-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-10-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-58-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-59-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-67-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-66-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-65-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-69-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-76-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-78-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-80-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-82-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-64-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-86-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-88-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-93-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-94-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-99-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-98-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-104-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-109-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-112-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-110-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-114-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-106-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-102-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-92-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-90-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-84-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-63-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-62-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-61-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-60-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download

        • memory/4936-3341-0x00000000022F0000-0x0000000002356000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4936-3873-0x0000000000400000-0x0000000000502000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4936-4749-0x00000000029C0000-0x0000000002A78000-memory.dmp

          Filesize

          736KB

          Download