4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe
Size

4.1MB
MD5

5432cd10140f359f17394c8e2340299c
SHA1

16ad79a097ff19b5089aff81b6bfa1a664affb18
SHA256

4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398
SHA512

05925ee28feb718c1d05216be2f4553b0db27f49aab42ae64559daa22c16b24b7c40de4ae83bd38e81f65173bf9584fbcbe3ad481366688a244e2e7774151f96
SSDEEP

98304:7ScbaLQaS+m0bcbE+1AZ1bpVDHBz/waoVNVncpH/s6i47:mn50N1AZ1dVLZwaoHxcpfm4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2232 set thread context of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2832	RegAsm.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28
PID 2232 wrote to memory of 2832	2232	4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe	28

C:\Users\Admin\AppData\Local\Temp\4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe
"C:\Users\Admin\AppData\Local\Temp\4e3934e65b6c2ea6be580d375f4515edf20643d88b5f83db63d2c0ad70ba0398.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

Filesize
60KB

MD5
000c1e5f2f5bbf09697f618e7d843652

SHA1
63d9ce3ab6a738732a46590a4ecfe0e691d71601

SHA256
c97291558708c7c898c0384c483e04b0cd17d8acf945d2394751d2473c7a300d

SHA512
df7b24ee6e2a5851e4e401e9e1892a5fa7ea0b0b2f09137cbe9feba831623ec1dd5f4585dcccef99e61cfe76f989d6f537a79ca46a90fa619031b84170d7ea82

Download Submit
memory/2232-20-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-10-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-3-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-4-0x0000000005450000-0x0000000005604000-memory.dmp

Filesize
1.7MB

Download
memory/2232-5-0x0000000006890000-0x0000000006A22000-memory.dmp

Filesize
1.6MB

Download
memory/2232-13-0x0000000000980000-0x0000000000990000-memory.dmp

Filesize
64KB

Download
memory/2232-17-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-1-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-2-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-53-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/2232-0-0x0000000000E00000-0x000000000122A000-memory.dmp

Filesize
4.2MB

Download
memory/2232-11-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-12-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-14-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-15-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-16-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2232-18-0x0000000006CC0000-0x0000000006DC0000-memory.dmp

Filesize
1024KB

Download
memory/2232-19-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2832-37-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-21-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-35-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-34-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-33-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-29-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-25-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2832-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-22-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-38-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-39-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-41-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-43-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-44-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-47-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-49-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-50-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-52-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-31-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-27-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads