ef226cf5122643f54fd3a837d054f04699ba8ef7c74f2ff6666fcf06f7beaeea

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87c20b60569475e911204befb5f25e33.exe
Size

493KB
MD5

87c20b60569475e911204befb5f25e33
SHA1

8dfb3aff3184fc98aeb9dd848b8aea1a870958e0
SHA256

ef226cf5122643f54fd3a837d054f04699ba8ef7c74f2ff6666fcf06f7beaeea
SHA512

9fd4cee684022c486bcbf9394c69b25f38d3f6e2b855ee4788d9d867b2054fc9c5fbe1180032dd9bf44b5f8f3f1ac547a306b3cd95c9b4902c7a8f26515aaa9d
SSDEEP

12288:Z1Ra1rN4wopVauKAxZkhwryINtTirdor8:ZDrp4XAx+hwrywTEdo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1492	360tray.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\360tray.exe	87c20b60569475e911204befb5f25e33.exe
File opened for modification	C:\Windows\360tray.exe	87c20b60569475e911204befb5f25e33.exe
File created	C:\Windows\GUOCYOKl.BAT	87c20b60569475e911204befb5f25e33.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	87c20b60569475e911204befb5f25e33.exe
Token: SeDebugPrivilege	1492	360tray.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1492	360tray.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 4836	1492	360tray.exe	85
PID 1492 wrote to memory of 4836	1492	360tray.exe	85
PID 2872 wrote to memory of 3864	2872	87c20b60569475e911204befb5f25e33.exe	86
PID 2872 wrote to memory of 3864	2872	87c20b60569475e911204befb5f25e33.exe	86
PID 2872 wrote to memory of 3864	2872	87c20b60569475e911204befb5f25e33.exe	86

C:\Users\Admin\AppData\Local\Temp\87c20b60569475e911204befb5f25e33.exe
"C:\Users\Admin\AppData\Local\Temp\87c20b60569475e911204befb5f25e33.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\GUOCYOKl.BAT
  2⤵
  PID:3864

C:\Windows\360tray.exe
C:\Windows\360tray.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\360tray.exe

Filesize
493KB

MD5
87c20b60569475e911204befb5f25e33

SHA1
8dfb3aff3184fc98aeb9dd848b8aea1a870958e0

SHA256
ef226cf5122643f54fd3a837d054f04699ba8ef7c74f2ff6666fcf06f7beaeea

SHA512
9fd4cee684022c486bcbf9394c69b25f38d3f6e2b855ee4788d9d867b2054fc9c5fbe1180032dd9bf44b5f8f3f1ac547a306b3cd95c9b4902c7a8f26515aaa9d

Download Submit
C:\Windows\GUOCYOKl.BAT

Filesize
190B

MD5
0e456ac440320ac58ee87e246a2258f7

SHA1
1af3c36b738de20a45bd15dab56736af16c5ac9e

SHA256
c12f841e896b710f718d9da16249ba2525d4ab267e4a69cfe2293214cc6686f9

SHA512
c73d5aa56b0622d04405cd776a17abcbb96ddc4b7cf589d92c8fe662194b713a048a988cf2a91137b314d2953f76415de8034e675231eca384e6a094a2624777

Download Submit
memory/2872-0-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download
memory/2872-1-0x0000000000B30000-0x0000000000B73000-memory.dmp

Filesize
268KB

Download
memory/2872-2-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2872-3-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2872-4-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2872-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2872-6-0x0000000002510000-0x0000000002513000-memory.dmp

Filesize
12KB

Download
memory/2872-7-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2872-8-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2872-9-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2872-11-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2872-10-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2872-12-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2872-13-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2872-15-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2872-14-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2872-16-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2872-17-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2872-18-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2872-19-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2872-21-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2872-20-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2872-22-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2872-23-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2872-25-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/2872-24-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2872-26-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/2872-27-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2872-29-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2872-30-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/2872-28-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/2872-31-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/2872-32-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2872-33-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/2872-34-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/2872-35-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/2872-36-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2872-37-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/2872-38-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/2872-39-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/2872-40-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/2872-42-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2872-44-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2872-43-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2872-41-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/2872-45-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/2872-46-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2872-47-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/2872-48-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2872-49-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2872-51-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/2872-50-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/2872-52-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/2872-53-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/2872-54-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/2872-55-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/2872-57-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/2872-56-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/2872-58-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/2872-59-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/2872-60-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/2872-61-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2872-62-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/2872-63-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/2872-162-0x0000000000400000-0x00000000004F4000-memory.dmp

Filesize
976KB

Download