Analysis

  • max time kernel
    92s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 15:09

General

  • Target

    bT5b.exe

  • Size

    32KB

  • MD5

    287fbbbc69050158902e5a297a4693bf

  • SHA1

    ac8fea9c0d591a0dc8d46e6e1450e79697c62596

  • SHA256

    7d86de2d2e6cd118653666fd446f52370e890e3f72ba30de620abdea1f514822

  • SHA512

    a22cf7084ff85567bc482b7da5cf8cd2d78c4b5653c1b87cc23ad3cf1330b836f87300a84fb67a34177a15179ad21218b296c5a35b79fe5b43725cb77e74ea3e

  • SSDEEP

    384:Q0bUe5XB4e0X7OZOiaXLilpknDAWTEtTUFQqz9eObbG:VT9BuCjaXWlZwbG

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bT5b.exe
    "C:\Users\Admin\AppData\Local\Temp\bT5b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\bT5b.exe"
      2⤵
        PID:4108

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1356-0-0x00000000746A0000-0x0000000074C51000-memory.dmp

      Filesize

      5.7MB

    • memory/1356-1-0x0000000000DB0000-0x0000000000DC0000-memory.dmp

      Filesize

      64KB

    • memory/1356-2-0x00000000746A0000-0x0000000074C51000-memory.dmp

      Filesize

      5.7MB

    • memory/1356-3-0x00000000746A0000-0x0000000074C51000-memory.dmp

      Filesize

      5.7MB

    • memory/1356-4-0x0000000000DB0000-0x0000000000DC0000-memory.dmp

      Filesize

      64KB

    • memory/1356-6-0x00000000746A0000-0x0000000074C51000-memory.dmp

      Filesize

      5.7MB