Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23/02/2024, 12:49
Behavioral tasks
behavioral1: Sample TokenGen.exe, Resource win7-20240221-en
behavioral2: Sample TokenGen.exe, Resource win10v2004-20240221-en
behavioral3: Sample TokenGen.pyc, Resource win7-20240221-en
behavioral4: Sample TokenGen.pyc, Resource win10v2004-20240221-en
General
Target: TokenGen.exe
Size: 8.4MB
MD5: 6ab683496d974568e89cacbc75e8f911
SHA1: 9422365d1bdef1232f79ae92897589250a65735b
SHA256: 2c77f01d2d3d4e3f32e25437d8afc259e3c5f9e8f40fb8d7688637b11649b682
SHA512: 446348fdba1fb4c28e36edac99c6bc1e13eb2af482499ada21030d425e730051a26e8c2ea1d01822bfb596802be489160b8dc52906e86ec7bf2c3b37a63bcdd0
SSDEEP: 196608:Ye4IHXzkneX38DXDQ9/tbYPvbJQlHHO2SvJ37n8CS79JjXSKn:9Hy0MDTQ9/kJQlnEc9RC
Malware Config
Signatures
Loads dropped DLL (6 IoCs)
pid   Process
1636  TokenGen.exe
1636  TokenGen.exe
1636  TokenGen.exe
1636  TokenGen.exe
1636  TokenGen.exe
1636  TokenGen.exe
Suspicious use of WriteProcessMemory (8 IoCs)
description                        pid   Process       procid_target
PID 2176 wrote to memory of 1636   2176  TokenGen.exe  29
PID 2176 wrote to memory of 1636   2176  TokenGen.exe  29
PID 2176 wrote to memory of 1636   2176  TokenGen.exe  29
PID 2176 wrote to memory of 1636   2176  TokenGen.exe  29
PID 1636 wrote to memory of 2496   1636  TokenGen.exe  30
PID 1636 wrote to memory of 2496   1636  TokenGen.exe  30
PID 1636 wrote to memory of 2496   1636  TokenGen.exe  30
PID 1636 wrote to memory of 2496   1636  TokenGen.exe  30
Processes
C:\Users\Admin\AppData\Local\Temp\TokenGen.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\TokenGen.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2176
    C:\Users\Admin\AppData\Local\Temp\TokenGen.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\TokenGen.exe"
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      PID: 1636
        C:\Windows\SysWOW64\cmd.exe
          Command line: C:\Windows\system32\cmd.exe /c Title Token Generator v1.9
          PID: 2496
Network
MITRE ATT&CK Matrix
Downloads