15cf685e8aaada79ceb1efef5d93f30092754adc8d1d58088beb1d1dceb5426a

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a8e195910de451cc785679c38e50196.exe
Size

475KB
MD5

9a8e195910de451cc785679c38e50196
SHA1

4a52016581f10e6ccae98889700e50eb5138aa89
SHA256

15cf685e8aaada79ceb1efef5d93f30092754adc8d1d58088beb1d1dceb5426a
SHA512

e838795c3e6ecabb6e71b2321319efb78a9b6e0575e89634bf8b3120420e0fdbe03edc45b6274cbd99facbe0dd7733e21802855451700b3d9b546adcf625985a
SSDEEP

12288:gYOUJAyVEO8kV0fJOFBezrlMpF2IqcYPoxmtF9Z:1JAySfJOCtMpRqcwoxmf9Z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1532	yhiagvicbojqgn.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1532	yhiagvicbojqgn.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1532	yhiagvicbojqgn.exe
1532	yhiagvicbojqgn.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 1532	872	9a8e195910de451cc785679c38e50196.exe	84
PID 872 wrote to memory of 1532	872	9a8e195910de451cc785679c38e50196.exe	84

C:\Users\Admin\AppData\Local\Temp\9a8e195910de451cc785679c38e50196.exe
"C:\Users\Admin\AppData\Local\Temp\9a8e195910de451cc785679c38e50196.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Users\Admin\AppData\Local\Temp\yhiagvicbojqgn.exe
  "C:\Users\Admin\AppData\Local\Temp\\yhiagvicbojqgn.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
475KB

MD5
9a8e195910de451cc785679c38e50196

SHA1
4a52016581f10e6ccae98889700e50eb5138aa89

SHA256
15cf685e8aaada79ceb1efef5d93f30092754adc8d1d58088beb1d1dceb5426a

SHA512
e838795c3e6ecabb6e71b2321319efb78a9b6e0575e89634bf8b3120420e0fdbe03edc45b6274cbd99facbe0dd7733e21802855451700b3d9b546adcf625985a

Download Submit
C:\Users\Admin\AppData\Local\Temp\yhiagvicbojqgn.exe

Filesize
23KB

MD5
831fe278215fcca35b2591bd81bfc398

SHA1
b1b37650a6ff8208968d95c3f89fcf52fdafaf0d

SHA256
7a19030ab932a63e1d6facc331ee2add06143fc581e9f6c6585eecab6c94d552

SHA512
997314ce7bb525f81545474777344aa0c87dbf8eb5ab3a0b2edb843f936527da063ce64a4c47cba0b2bd56f3e9c80245d659a681977013e85380132109664e9e

Download Submit
memory/1532-13-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/1532-14-0x000000001B070000-0x000000001B078000-memory.dmp

Filesize
32KB

Download
memory/1532-8-0x000000001B360000-0x000000001B3A4000-memory.dmp

Filesize
272KB

Download
memory/1532-9-0x000000001B870000-0x000000001BD3E000-memory.dmp

Filesize
4.8MB

Download
memory/1532-10-0x000000001BDE0000-0x000000001BE7C000-memory.dmp

Filesize
624KB

Download
memory/1532-6-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/1532-5-0x00007FFC9F070000-0x00007FFC9FA11000-memory.dmp

Filesize
9.6MB

Download
memory/1532-7-0x00007FFC9F070000-0x00007FFC9FA11000-memory.dmp

Filesize
9.6MB

Download
memory/1532-15-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/1532-16-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/1532-17-0x000000001F5E0000-0x000000001F642000-memory.dmp

Filesize
392KB

Download
memory/1532-28-0x00007FFC9F070000-0x00007FFC9FA11000-memory.dmp

Filesize
9.6MB

Download
memory/1532-29-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/1532-30-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/1532-31-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download
memory/1532-32-0x00000000009E0000-0x00000000009F0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads