d31ea29be320d29ae26e39c4cb1d36e54884a4793a101714576bee1600286113

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ba843d01136559fdeb6f4ef68c2b4ee.exe
Size

150KB
MD5

9ba843d01136559fdeb6f4ef68c2b4ee
SHA1

bc94993d99c2a59cb0a683c242a527c000e8ada6
SHA256

d31ea29be320d29ae26e39c4cb1d36e54884a4793a101714576bee1600286113
SHA512

40a9ca040a8aeaf88e53542529ad02e31cd4904b999a6da9d69293455dc09ea3c605c97a4ddded8d6629394f77d96f467262563987275dc7c88cc91b6901d4db
SSDEEP

3072:tjsVAn3MtZIc6YiUhDkBpGUu0LAMdRz/ACf8pPpP04XxUpCbbdds:tj7M7OuDkBfu0EMX/ACEp59Pr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe
2744	svchost.exe
2520	svchost.exe
2520	svchost.exe
2520	svchost.exe
2744	svchost.exe
2744	svchost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe
1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2744	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	28
PID 1920 wrote to memory of 2744	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	28
PID 1920 wrote to memory of 2744	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	28
PID 1920 wrote to memory of 2744	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	28
PID 1920 wrote to memory of 2520	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	29
PID 1920 wrote to memory of 2520	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	29
PID 1920 wrote to memory of 2520	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	29
PID 1920 wrote to memory of 2520	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	29
PID 1920 wrote to memory of 2616	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	30
PID 1920 wrote to memory of 2616	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	30
PID 1920 wrote to memory of 2616	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	30
PID 1920 wrote to memory of 2616	1920	9ba843d01136559fdeb6f4ef68c2b4ee.exe	30

C:\Users\Admin\AppData\Local\Temp\9ba843d01136559fdeb6f4ef68c2b4ee.exe
"C:\Users\Admin\AppData\Local\Temp\9ba843d01136559fdeb6f4ef68c2b4ee.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:2744
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:2520
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AE9.tmp

Filesize
1.2MB

MD5
d124f55b9393c976963407dff51ffa79

SHA1
2c7bbedd79791bfb866898c85b504186db610b5d

SHA256
ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

SHA512
278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

Download Submit
C:\Users\Admin\AppData\Local\Temp\B09.tmp

Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
\Users\Admin\AppData\Local\Temp\A1E.tmp

Filesize
1.0MB

MD5
d45b650bcfebacb1ee1a639a052a32f1

SHA1
efc43705dffef6fa1f11f0c6bcb80a808ac5bc03

SHA256
f1407e44ed9c3c0516f5650e4b60dcd0a539c167bfc29dd524b0a4c7a99ea17e

SHA512
f5d68dff9d129447fea8e907786e5e601f2948d23f2625d23e0cb57ff94e9e6e913fbe4640b9a70f60efcf367c23df20481fa575c3d08db909658767f20698a3

Download Submit
\Users\Admin\AppData\Local\Temp\A2F.tmp

Filesize
485KB

MD5
abedd04afc0764e17d4f30acf69a692d

SHA1
c85d4a2723aa7803af46b23556249e5bcbd0bce1

SHA256
3251f545cd78baf70f28c2d47c70666a67cd1af7b209f539ced7f8a0fa7d42ad

SHA512
adff3a1e8ba18669f9df9c3b6a3bbdae92a00aa47b323c83cdb1cbac1c3d6de3f6ae5c275bb320dd7ced658a8f446e64d15cd8f3c68dcf4cdeabcb5a75039200

Download Submit
\Users\Admin\AppData\Local\Temp\A4F.tmp

Filesize
202KB

MD5
7ff15a4f092cd4a96055ba69f903e3e9

SHA1
a3d338a38c2b92f95129814973f59446668402a8

SHA256
1b594e6d057c632abb3a8cf838157369024bd6b9f515ca8e774b22fe71a11627

SHA512
4b015d011c14c7e10568c09bf81894681535efb7d76c3ef9071fffb3837f62b36e695187b2d32581a30f07e79971054e231a2ca4e8ad7f0f83d5876f8c086dae

Download Submit
memory/1920-38-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-57-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-2-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1920-4-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1920-13-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-62-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-61-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-60-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-59-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-58-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-35-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-56-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-55-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-54-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-53-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-52-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-51-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-50-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-49-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-48-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-47-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-46-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-45-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-44-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-43-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-42-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-41-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-40-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-39-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-0-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1920-63-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-37-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-1-0x0000000000460000-0x00000000004B8000-memory.dmp

Filesize
352KB

Download
memory/1920-34-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-33-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-32-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-31-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-30-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-29-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-28-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-27-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-26-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-25-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-24-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-23-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-22-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-21-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-20-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-19-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-68-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-67-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-66-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-65-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-69-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1920-70-0x0000000000271000-0x0000000000273000-memory.dmp

Filesize
8KB

Download
memory/1920-64-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/1920-73-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1920-78-0x0000000000460000-0x00000000004B8000-memory.dmp

Filesize
352KB

Download
memory/1920-36-0x0000000000270000-0x0000000000279000-memory.dmp

Filesize
36KB

Download
memory/2520-77-0x0000000000080000-0x00000000000BD000-memory.dmp

Filesize
244KB

Download
memory/2520-95-0x0000000000080000-0x00000000000BD000-memory.dmp

Filesize
244KB

Download
memory/2744-94-0x0000000000110000-0x000000000014D000-memory.dmp

Filesize
244KB

Download
memory/2744-76-0x0000000000110000-0x000000000014D000-memory.dmp

Filesize
244KB

Download
memory/2744-96-0x0000000000110000-0x000000000014D000-memory.dmp

Filesize
244KB

Download