f08295d42656789488a715929761447d94c86d9910e06751762a331e3fbee915

Analysis

max time kernel
12s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MonolithPatcher.exe
Size

2.9MB
MD5

3bfd03c56948608a4514fee828483db0
SHA1

c8c11703cdd4aee8a07e3218553c0d04a770864d
SHA256

f08295d42656789488a715929761447d94c86d9910e06751762a331e3fbee915
SHA512

f087b8fba49a4c828391364ca9e93f178bff91feec563c70cc3c8fc75653af1c46d627e50a901cb88c477d8c46dac3db943d90c51ada70324329b65cf0a903d3
SSDEEP

49152:/3tBgrHXW2q/RBrxLKLb1HIIV7M2HiocKGixmay/Iq6gnpZsg7P3BQLagS0IINCl:PtGjXWbBQv1FLto6+pCgbxQLHe2qj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

MonolithPatcher.exe

pid process

2912 MonolithPatcher.exe
2912 MonolithPatcher.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

MonolithPatcher.exe

pid process

2912 MonolithPatcher.exe
2912 MonolithPatcher.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

MonolithPatcher.exe

pid process

2912 MonolithPatcher.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

MonolithPatcher.exe

description pid process

Token: SeDebugPrivilege 2912 MonolithPatcher.exe

pid	process
2912	MonolithPatcher.exe
2912	MonolithPatcher.exe

pid	process
2912	MonolithPatcher.exe
2912	MonolithPatcher.exe

pid	process
2912	MonolithPatcher.exe

description	pid	process
Token: SeDebugPrivilege	2912	MonolithPatcher.exe

C:\Users\Admin\AppData\Local\Temp\MonolithPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\MonolithPatcher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evb7BC9.tmp

Filesize
1KB

MD5
c225ada10c88e6eec6df655e810947c5

SHA1
5d200d665d044997c3f8f9cc3313af23e85ea714

SHA256
ca5ad53f2e394808d6a2218d106d005a4ebb83b3886f000b595e706cfeee4bc0

SHA512
35829970b277c8a24d2be71ec5fc57daa6183f0e62fa5a441136f6a740ceb5e33a444d568cfb778105f053f5128d2ac401b77dc5897e97d9a51e1cfb41b5963b

Download Submit
memory/2912-17-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/2912-35-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/2912-4-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-5-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-3-0x0000000000820000-0x00000000016D0000-memory.dmp

Filesize
14.7MB

Download
memory/2912-6-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-7-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-8-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-9-0x0000000000820000-0x00000000016D0000-memory.dmp

Filesize
14.7MB

Download
memory/2912-10-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-11-0x0000000000820000-0x00000000016D0000-memory.dmp

Filesize
14.7MB

Download
memory/2912-12-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-37-0x0000000000820000-0x00000000016D0000-memory.dmp

Filesize
14.7MB

Download
memory/2912-2-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-25-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-22-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-18-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-24-0x000001CC70A70000-0x000001CC70A8A000-memory.dmp

Filesize
104KB

Download
memory/2912-1-0x00007FF421360000-0x00007FF421731000-memory.dmp

Filesize
3.8MB

Download
memory/2912-26-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-14-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download
memory/2912-27-0x00007FF7F5B70000-0x00007FF7F5B80000-memory.dmp

Filesize
64KB

Download
memory/2912-28-0x00007FF873A80000-0x00007FF873A90000-memory.dmp

Filesize
64KB

Download
memory/2912-33-0x0000000000720000-0x0000000000728000-memory.dmp

Filesize
32KB

Download
memory/2912-34-0x00007FF857980000-0x00007FF858441000-memory.dmp

Filesize
10.8MB

Download
memory/2912-0-0x0000000000820000-0x00000000016D0000-memory.dmp

Filesize
14.7MB

Download
memory/2912-36-0x000001CC70AB0000-0x000001CC70AC0000-memory.dmp

Filesize
64KB

Download
memory/2912-13-0x00007FF875970000-0x00007FF875B65000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads