57ba530e14d09223dca5a93d04da240127d595da686f3c87b1edc2d78998940d

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a20db7d730e90982cb04d00a87c0ee1.exe
Size

350KB
MD5

8a20db7d730e90982cb04d00a87c0ee1
SHA1

02e1ce87ed22d682164e7764ff17c1b7e042a35b
SHA256

57ba530e14d09223dca5a93d04da240127d595da686f3c87b1edc2d78998940d
SHA512

156f523e3e2436ddbe1fad514b22c0f9e35ef756cba9faabc221842b3254f7ac6bf4cf17fd4c7195c57c3b366e92643f3dcf94c837ec0f4687cf781e7a1faca9
SSDEEP

6144:SHJ6MWoVzpT1Z7emqfjFmMlBRUCmSplt6u9xg81PGktaPe8MohPbB6:SsrorbeVlBGFS7r9xg8HgjD16

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1572	_bbg.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	904	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	904	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1572	1192	8a20db7d730e90982cb04d00a87c0ee1.exe	83
PID 1192 wrote to memory of 1572	1192	8a20db7d730e90982cb04d00a87c0ee1.exe	83
PID 1192 wrote to memory of 1572	1192	8a20db7d730e90982cb04d00a87c0ee1.exe	83

C:\Users\Admin\AppData\Local\Temp\8a20db7d730e90982cb04d00a87c0ee1.exe
"C:\Users\Admin\AppData\Local\Temp\8a20db7d730e90982cb04d00a87c0ee1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe
  C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe /sfxv:2
  2⤵
  - Executes dropped EXE
  PID:1572

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe

Filesize
476KB

MD5
eac599450b66bebf1b72f6d9a855b845

SHA1
af839313c832ded7b56eba905a53ef884e8a9443

SHA256
d2cd0d09c2e108dc45f048b2f34f738d398e5c2bbe35f78e4f0fe290a8684fd5

SHA512
15661b7253c017525cf77940dec1dc64cbfa2926e26a9ce13b0f146aebc0872091f295f01e2a470afc46ddbc8f90821c4f03528bcae386d8738d0b82db72b65b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\sfx1\0.wav

Filesize
48B

MD5
6a6c17dddfedf07a446d278904a4a0fe

SHA1
add32b5cccce4fdc8420a44a697959ab0f591921

SHA256
5258c535d0971659f23dc422ad132da841b17a76eab7ede88f3aede5ead2552c

SHA512
241707051ec9bbde7343700b86a23b8c54701a20afc85466aa846c257a38efdd889603de66e958d2ed73891809b745c07f2a853c82fde0f158fc162120dd9e44

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\sfx1\BB40eng.dix

Filesize
35KB

MD5
191fcb9131e2e4a9c9c3bf9d114becd4

SHA1
650cbc0e6d39ee5267f8dece306d252ca852544f

SHA256
6805a13ba0be813789d9e92c0aa3ad880129f4b76e902cebe7702cdb587ff579

SHA512
3fbd380e788eeeffc85d4ac13fda3b75fe7220fab5e6e17d5be8d72a644a885801dfb37dc6beb80e1737a47d5971666be651186b3cb183e65ca66f2f35fb841c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\sfx1\tex_def.jpg

Filesize
2KB

MD5
8a8fa3d4bcbaa146d6d992cb41a17cb6

SHA1
ba029352f097f5091cbe7edd16f596f0e648472d

SHA256
03a9b3d2b445a8e4aeae2076c550d6acff401cbc331d29928ab4a33e0e7fda0a

SHA512
c776834e5613a62a3361a82c9c5cf1bef8e6c1f774a696315c05c2f17e13a3cc30db167b7696f57c134a232efc7e0feb2f8dc9a91522b4aee9b6417acba8dc80

Download Submit
\??\c:\users\admin\appdata\local\temp\sfx1\##bbgift.puz

Filesize
20KB

MD5
06dea6f0997576423ca1d206976652ff

SHA1
80aeba41f743f8cb37e4d27fbe34b15626114f3c

SHA256
03abab5dcf90cecfe2f51fbeeee31327fa1307227f5646181a1caf0e48f15fe3

SHA512
80127974174b7b68f9bc7fd5f2fb7adb3aa651ca89d74b0f193ba3666368c4b06f8341d3280d37c773213289035120792ab5d75c13bc37bdab471632cfba99cc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads