Overview

overview

10

Static

static

10

d389814cdc...3e.exe

windows7-x64

1

d389814cdc...3e.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-02-2024 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d389814cdc38b9bcc1b251314309f1be70d01de724b4edd3f1df364de1b18d3e.exe

  • Size

    1.7MB

  • MD5

    8c236172b855d90bba67cc061bc06b7c

  • SHA1

    ed880bcf3aaa21b542a2b781524a21e285d70363

  • SHA256

    d389814cdc38b9bcc1b251314309f1be70d01de724b4edd3f1df364de1b18d3e

  • SHA512

    edd704b8ef615076704676b82493e8e99a7043332ddf3f7479aa6f9a5e3cde3ce8b184f06eb450c1cae4a7b0af47a25653172c320e2123c58cbc584515353c3e

  • SSDEEP

    49152:1kfKSSrSgRjrcGNvInXZJqXT5X+VlC51/:4SrSo/InXZJqD5OVlo1/

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d389814cdc38b9bcc1b251314309f1be70d01de724b4edd3f1df364de1b18d3e.exe
    "C:\Users\Admin\AppData\Local\Temp\d389814cdc38b9bcc1b251314309f1be70d01de724b4edd3f1df364de1b18d3e.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d03075ff304d7303e2807f89fdfb7a9c

    SHA1

    264fcd9050b55d4a66d61437a7d74520c42446c5

    SHA256

    3b487b408c56ef8bcac50bf39eda3985c5998070af02cd61842ab6fb6f503e79

    SHA512

    3f5e169bd58d88ed830e2bf6bee042eac45c19053640fe8cfcc20e0002493086e51a0ff7b87693e97d23bc6fb46dd9bb611a88f27fab0f14fca0fe55c1e83e5d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabABC.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB5B.tmp
    Filesize

    11KB

    MD5

    9180877fadc63f18235df2b2c90dddea

    SHA1

    db4098217b3538f5eed1f1db1a540887f134e515

    SHA256

    f63f39b8e5a6eecb27e409434493ed16076cbeada34eb7b96c6367d4b9ebb988

    SHA512

    8dd8868bb7bf28e735ff89cb15eeaa960183af733761c00b6678a3adcb001853e41cb50f1d9c324aae735b0fecab60dd72c9ff94f713b5b197b698defbe6b886

    Download Submit

  • memory/1820-9-0x000000001B060000-0x000000001B0E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1820-8-0x0000000001DE0000-0x0000000001DEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1820-7-0x0000000001DE0000-0x0000000001DEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1820-2-0x0000000001DA0000-0x0000000001DD2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1820-6-0x000000001B060000-0x000000001B0E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1820-5-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1820-93-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1820-94-0x000000001B060000-0x000000001B0E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1820-95-0x0000000001DE0000-0x0000000001DEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1820-96-0x0000000001DE0000-0x0000000001DEA000-memory.dmp

    Filesize

    40KB

    Download