a13755ee0ec68e6d1dc3af7a4dadf6acf52e8a282c5c873ea491d158488ae7b8

Analysis

max time kernel
1553s
max time network
1495s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 23:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

EtZPtyji.exe
Size

27.7MB
MD5

5a82e1dde9d6d937394d43e7007c4e20
SHA1

bd1581112a8b8834dd88a212f7fd33eb08e1fc42
SHA256

a13755ee0ec68e6d1dc3af7a4dadf6acf52e8a282c5c873ea491d158488ae7b8
SHA512

e984130fa2608797e87601f97de508af227c3bcd08f97312d8d95709c4e1164cadec46f75371a10d8f5d889fc801aca40f792af5d152fc35f8a676eaeb01ee6b
SSDEEP

786432:GaLbIdX7mEDaH0bt+tJK/qHeksvgxiBHB:GKIdLjDc0AtNHetvFpB

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\eicar.com	EtZPtyji.exe
File opened for modification	C:\Windows\System32\eicar.com	EtZPtyji.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3940	EtZPtyji.exe
3940	EtZPtyji.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3940	EtZPtyji.exe
3940	EtZPtyji.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4512	svchost.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 4700	3940	EtZPtyji.exe	86
PID 3940 wrote to memory of 4700	3940	EtZPtyji.exe	86

C:\Users\Admin\AppData\Local\Temp\EtZPtyji.exe
"C:\Users\Admin\AppData\Local\Temp\EtZPtyji.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4700

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5036

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\eicar.com

Filesize
68B

MD5
44d88612fea8a8f36de82e1278abb02f

SHA1
3395856ce81f2b7382dee72602f798b642f14140

SHA256
275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

SHA512
cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab

Download Submit
memory/3940-0-0x00007FFAF3370000-0x00007FFAF3372000-memory.dmp

Filesize
8KB

Download
memory/3940-1-0x00007FF7DAF70000-0x00007FF7DDD79000-memory.dmp

Filesize
46.0MB

Download
memory/3940-2-0x00007FF7DAF70000-0x00007FF7DDD79000-memory.dmp

Filesize
46.0MB

Download
memory/3940-15-0x00007FF7DAF70000-0x00007FF7DDD79000-memory.dmp

Filesize
46.0MB

Download
memory/4512-53-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-57-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-48-0x0000021E9A920000-0x0000021E9A921000-memory.dmp

Filesize
4KB

Download
memory/4512-49-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-50-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-51-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-52-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-16-0x0000021E92240000-0x0000021E92250000-memory.dmp

Filesize
64KB

Download
memory/4512-54-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-55-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-56-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-32-0x0000021E92340000-0x0000021E92350000-memory.dmp

Filesize
64KB

Download
memory/4512-58-0x0000021E9A940000-0x0000021E9A941000-memory.dmp

Filesize
4KB

Download
memory/4512-59-0x0000021E9A570000-0x0000021E9A571000-memory.dmp

Filesize
4KB

Download
memory/4512-60-0x0000021E9A560000-0x0000021E9A561000-memory.dmp

Filesize
4KB

Download
memory/4512-62-0x0000021E9A570000-0x0000021E9A571000-memory.dmp

Filesize
4KB

Download
memory/4512-65-0x0000021E9A560000-0x0000021E9A561000-memory.dmp

Filesize
4KB

Download
memory/4512-68-0x0000021E9A4A0000-0x0000021E9A4A1000-memory.dmp

Filesize
4KB

Download
memory/4512-80-0x0000021E9A6A0000-0x0000021E9A6A1000-memory.dmp

Filesize
4KB

Download
memory/4512-82-0x0000021E9A6B0000-0x0000021E9A6B1000-memory.dmp

Filesize
4KB

Download
memory/4512-83-0x0000021E9A6B0000-0x0000021E9A6B1000-memory.dmp

Filesize
4KB

Download
memory/4512-84-0x0000021E9A7C0000-0x0000021E9A7C1000-memory.dmp

Filesize
4KB

Download