3fd976ce45ede7c0502d3ccf3d5a69ffbb7a7b8dae0c8f1c5479038c24bc12ea

Analysis

max time kernel
1162s
max time network
1165s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

МКТ Демо 1.1c.exe
Size

50.6MB
MD5

27fbbd1cbae198baa9edc4b3b06b4125
SHA1

8383ce2c30757c8d336e9d0e9329eaaf3e76bfcb
SHA256

3fd976ce45ede7c0502d3ccf3d5a69ffbb7a7b8dae0c8f1c5479038c24bc12ea
SHA512

45a5287eddf152918fe9dc59c54f925c77455ff19dbe6e2094164fa48e6a74b127ecfc1ecfd5e8e3bf39bb6e3ccc387f1b86a41018a79046e29dce8f05b6b111
SSDEEP

1572864:/xdvWHaKtOa3KdUY6kTVrHIq1yD8GJaDLYY:/XmOBWkTVrHIq1yxgD8Y

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 25 IoCs

pid	Process
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe
3880	МКТ Демо 1.1c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3880	МКТ Демо 1.1c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4236	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3880	МКТ Демо 1.1c.exe

C:\Users\Admin\AppData\Local\Temp\МКТ Демо 1.1c.exe
"C:\Users\Admin\AppData\Local\Temp\МКТ Демо 1.1c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x3cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\Get.mfx

Filesize
340KB

MD5
c61fd0d847df328fd6f0a98e4f030f41

SHA1
c3d8c3493818c44723e1466b411a3b5e188d823f

SHA256
791e717345991c4bf183c6450667498a89b59c4e8a5abb52e2751fde63d3ad43

SHA512
72cb1345af5834cbc89c9244c935cd62ea7a9d19d34a39eb6d69c32bd10302c1c0a9c0573278e6424bee1f0a771ea46e7fb907c630742dcfc6bbb572b393970e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\Get.mfx

Filesize
258KB

MD5
47ada96c45898d9985164afe4db50d7c

SHA1
6f8a43e0170b36db0fe709e7bfd5ef6bf305d6ec

SHA256
3777240e2af6950a22bc1ed9c9c2b442a21a7ce0a0e86c610ea2c181dce84f10

SHA512
c492c26950cbf7ac802edc1d994a5fd5623103b2f4abb36463ef5dddb36c754edb6e1387df65e5c2a0ffe0968c7ae20c70321561a66329dea75414ada81863d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\KcButton.mfx

Filesize
40KB

MD5
b848bbf535366b6053f7bc8ab87fc5e0

SHA1
19d8a51062201531ff58c898925e53490c22213e

SHA256
94cea0df9febe19fc2e1a905bd7df0bdab63797a42a7006f14bc8838003e5a45

SHA512
cc6df5fb9ef537a255faefb890ffd07556bffec5abd6a914afeb004b77dede2db21dce1179a36b8641e7150e8c466345a58288835722639c1fbb7e5665122543

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\KcSyso.mfx

Filesize
24KB

MD5
5a360a702ca0e4c6929d63f44d80aa9a

SHA1
c1ffee5e1e7e790112e524833881aff097482e38

SHA256
7bab74b8686d54e2e4d882d13c50ae7173fa664f8b6829acca8839ad623240bb

SHA512
87ec0ee3e48bb1d16a380d87cd5414c4f1edd3dbc534599ec4184926745e47157cca50570b83b201f43854a50fc7f4b9e09572715cd2527d884a378d73e4f9cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\battery.mfx

Filesize
17KB

MD5
347d6293eefd33868b5b00637c3ae440

SHA1
0bd7a0fce2ad9e6f31cb4aba5de95e1473a26c31

SHA256
630c6b0bae5dd59736cdb718a142d1105390510918d8333e96e3cce48f7abc94

SHA512
8a0e9cfeceaf0b44b578dd95a198778de07fa06925f3d010887bd22589dbad3e23a32ef0d43b4a2e7ce897e58c8f579c780206c2f463388e69091210a34cf329

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\cctrans.dll

Filesize
141KB

MD5
ce3a36f85d2ea504b6d19c5f366c3f47

SHA1
972629c730b65c17ac2c751aafeb612d0c7432f2

SHA256
55e75e784e436cccd978192fba869656f879f0f126e99b375c3849c99872ec56

SHA512
c6df293b4373552c3165ac27f2070973a8278bc72001a8c10f300ea30699a03811dc6a84864ff22aaa2b35d1ec75d41ceb2a8fee85b5404d4a5bbfd8333f248c

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\clickteam-circular.mvx

Filesize
28KB

MD5
670cfc229784a242beb960a430ae9764

SHA1
9818a8a255e58e28c1e7617aa7ab38f29067e4f5

SHA256
671a01a39fa56a32fc0a43b16038d3077202734a7beacd50d73439011a74a4cb

SHA512
7eb59b4391fed479803c2c2ba075d3fa4581473495f2458b0a86fc3d27f8b7e56a012b920bf2b5f1697b4eb498c8d16de17ebed9f10eb55686048cd4f96df1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\clickteam-dragdrop.mvx

Filesize
28KB

MD5
7c3b681e4eea7724bc5346be05967f6a

SHA1
73ca262186777c05bf2b02b040903ec5c0ea38ed

SHA256
b1f9227e4bd66a8a00bd50dbe088c25984443881dce16d168912f3ac282eb646

SHA512
0d636cfda7780ebfea059dbe5b356755ac9e237aeb72f66bc0f9cb3f710481b9ab14898ed999ad5411d67b5ff67d79ace66770873faafecd2c67240a102c0d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\kcclock.mfx

Filesize
106KB

MD5
52d17266a014b5da9552a13d7594786b

SHA1
c1acdf4fcc9d5b985a8030a0cc3b6c6679e80a67

SHA256
d79eb00cd7822b836f4a7522c0a2acd08ab9955c3ee625a90ed8e8a177eab2ab

SHA512
149fda83701323ce52777a350fb844794d61aa4adea4b7e41910af4444c507bb0dd3134f996c42789b84edb75459e4e8c500fe6ebb467f55007a24fa0cf7e5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\kcedit.mfx

Filesize
32KB

MD5
b00898b2cf3f8bfc98d782fba8b5c72b

SHA1
4851163436946fd145048104bd1a47d34840fc3d

SHA256
48bb645990f1a703a1e9fdad3c765824db23c8f5e25b388c82dd25cb83fe31d0

SHA512
0ed0c44e3f0f147655ebf0b1a2627c7eff895342a09c0410405b9b8c5dfa9c1da588731873ec2c03259a89a58b9c4c7cbd5119c5e4952e8d024aaef36e7b6626

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\kcini.mfx

Filesize
114KB

MD5
7c0cb7fdc0d3519520cd4b8137edbd80

SHA1
bd4eddd8316a51baf4a3ae68b56acfbba734f46c

SHA256
d1471b2685d45956c323baa2cab11dfe479eb1021f04e2949f03557527c5fc84

SHA512
601c16892bef77d5842e0778f27d4f82e19ae66333b2b75c9a34b3ba6441169946e1167ceb21ed270bddba305abfe50f2e8f8ab2e9dc410c96a31944e597034a

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\mmf2d3d11.dll

Filesize
164KB

MD5
1878af9e228885f108d64355c49bd8c6

SHA1
853bade7d457cae5dbf87c78989a5858eed081be

SHA256
9d45225e5664b5baf59632d49a41a90af3306f71c53ee90e7a59b0a55f0b14e0

SHA512
216cd39587d19a1145ddd890ad2a0da41dadfd60a86c699700229364ff782e042e7b17417dfc2d43d991e6fd2bf8a7065451397bad68ba591eab91e5dc21476c

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\mmf2d3d9.dll

Filesize
98KB

MD5
e79c821253eab205313f67fe69365b77

SHA1
ce85ed77414cd7e880d3f9ff856a1377b0bf9707

SHA256
fbcc9ef3afae639d4df86b1960d14bc959f63b5860a5663d3e003f5e0b782dc6

SHA512
e1893e12f952d3fe3fe799a8bd758a7af3e18a77d79f3ff69ffcb5c572fc8125f828e01de8e81a1f4e833b74165e77806936d2666e4ce7723c714bc338652920

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\mmfs2.dll

Filesize
509KB

MD5
98f647d1ed220e1d715aed9dcf69f387

SHA1
d1d9f5361672553a394bee9afe1d30814dd0ac53

SHA256
3a288448e88a296b2bceeaf093e76a22e3083e937a3c4efeb6a61565ca7e35df

SHA512
e950658b0afdad722a9f243bb8ae7fbc1c541dd0513379ef9e1d99becf8b31b4098c6789204baf3f15ea26f43af665edaa9799a6617373009def81bb20f02a06

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\oggflt.sft

Filesize
26KB

MD5
dc572aa6b6780847ba925b8b281b19fa

SHA1
c4847c8b2b943b5f23fb6504ab327215436a8b90

SHA256
3f22c01dfb1162fbe3f4aed158fdb43cb9fddce02a1e933c79f36c08954f35bb

SHA512
e37a4c5b27eaecc141a92734ac8e3aa802842ec311e8093cb29581dd03149329d785463259b329271056c04d0c986ea62a7bd4c461248f00856724cd64a0d174

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\oggflt.sft

Filesize
24KB

MD5
374dd866d258d0a7b83650663d4a8321

SHA1
8236d43c49922db7371cdd6063eecc688ef1aa07

SHA256
c10d1173f0d6fe8a3184ac6fed7372d13d0f3c61dc179be70a776b7f1d5be317

SHA512
bd14c3907868eb71c2d2a94556fba53c1b4aaef54333ea1482c04b8a383810a4f994b8afcb7b20477cce4b03158315d7f101d3c6796881158f7e788f6e760845

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\osinfo.mfx

Filesize
36KB

MD5
749304155b5be41828309876e02e478b

SHA1
d0e12126d9fce48d5cede08f07cd8efa1017cbb0

SHA256
97b6532ea40deedcb0cbbf1b047077fcc7f0f71722e2171853a4e3f37813db1b

SHA512
89cabcbbc8fce05b68f1fb798864eab0d37bd62953fd6e66d9c5bbc2fe7c34cb1cd3358d79d3d6bddd8b6af9658bf611a49c0c41c0e66973377e52caa1d3d210

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\parser.mfx

Filesize
30KB

MD5
5903e2efe098dae179c07d670ff836b7

SHA1
93a2ce92a28c646735790d2cc9ff8959cc6e0c11

SHA256
9813631f63f79fbaa741094786d4b13c34515ec4a33c0d4e88b75a20973c887c

SHA512
e39bb67dc8765558274f93953de141e17de18550912bf79a94a2cc998918d07631a0251551abc080363ea52444c1511f15458232d0c656d8f62550d33756e740

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\ultimatefullscreen.mfx

Filesize
73KB

MD5
96059dbec69c3904e4d7ce734a4b38d0

SHA1
5169934f8d89b0dba963861dcbae55e78fc21dfc

SHA256
fd179783ff6e6eb0959185087f33ed4a1b256e58762d9817bcb16888e20f7058

SHA512
82977b2c249e47ca37d6fd62f416ed995b4b5f953bc5c18c84bfbdacc2c5b17fdc50c1e736fafcac242a3f8921b5000e0ec84302bc4e0077d6eeee3aa43cc520

Download Submit
C:\Users\Admin\AppData\Local\Temp\a4244e10-f079-4f4d-9d44-cffb0241b99d.FusionApp\waveFlt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
C:\Users\Admin\AppData\Roaming\MMFApplications\mkt.ini

Filesize
13B

MD5
01ac8a159b8ffb2f0e72035d880a0711

SHA1
9f69b6e1b1d8034498b015d96a564c3bcbfe057f

SHA256
76b410632838af99e97d97886caf4e9ceadaa1ee852a2802a9bb4c143d2fc1f8

SHA512
c2149f9cb66b1afc3c6cc303d476810823f8fb9d0c3b1c468b020e711a4b35a570c78d1e86cd1484b53c3d8c4312c4d7788af4a4a9440275cc84abde06d10a4a

Download Submit
memory/3880-54-0x0000000003100000-0x0000000003159000-memory.dmp

Filesize
356KB

Download
memory/3880-47-0x00000000030D0000-0x00000000030DB000-memory.dmp

Filesize
44KB

Download
memory/3880-39-0x00000000030B0000-0x00000000030BC000-memory.dmp

Filesize
48KB

Download
memory/3880-75-0x00000000033A0000-0x00000000033C4000-memory.dmp

Filesize
144KB

Download