9b2b1e301bed2e080fb835aece6d2644b1ca3b5b673b34617bc6c0f378307d5a

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abc15af4008e8832a0a6cc6c90bf1599.exe
Size

724KB
MD5

abc15af4008e8832a0a6cc6c90bf1599
SHA1

66ccce6161849dd40d20bf1b5b30f2ee4cd74bd2
SHA256

9b2b1e301bed2e080fb835aece6d2644b1ca3b5b673b34617bc6c0f378307d5a
SHA512

faf4ba5cf6f5782b9b4dea6e2320ef6dfc207c011682f03b90a3430b43844c18ca3b2634ff040783f7575f065794284968185d86639dec48c3fac3febf10a872
SSDEEP

12288:uxHjL99LsEONTlqagN59/2MzTcDYOtygo2ZJTaR6fHl6vKP2rUi6K6aKUUifD0:aL99wBTlqagH12OcDYOogo23WR6fJPSK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2384	server_se.exe
2936	¼Ò³àsa.exe
2472	conzrz.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\conzrz.exe	server_se.exe
File opened for modification	C:\Windows\SysWOW64\conzrz.exe	server_se.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs

pid	Process
2384	server_se.exe
2384	server_se.exe
2384	server_se.exe
2384	server_se.exe
2384	server_se.exe
2384	server_se.exe
2384	server_se.exe
2384	server_se.exe
2384	server_se.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2384	server_se.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 2384	832	abc15af4008e8832a0a6cc6c90bf1599.exe	28
PID 832 wrote to memory of 2384	832	abc15af4008e8832a0a6cc6c90bf1599.exe	28
PID 832 wrote to memory of 2384	832	abc15af4008e8832a0a6cc6c90bf1599.exe	28
PID 832 wrote to memory of 2384	832	abc15af4008e8832a0a6cc6c90bf1599.exe	28
PID 832 wrote to memory of 2384	832	abc15af4008e8832a0a6cc6c90bf1599.exe	28
PID 832 wrote to memory of 2384	832	abc15af4008e8832a0a6cc6c90bf1599.exe	28
PID 832 wrote to memory of 2384	832	abc15af4008e8832a0a6cc6c90bf1599.exe	28
PID 832 wrote to memory of 2936	832	abc15af4008e8832a0a6cc6c90bf1599.exe	29
PID 832 wrote to memory of 2936	832	abc15af4008e8832a0a6cc6c90bf1599.exe	29
PID 832 wrote to memory of 2936	832	abc15af4008e8832a0a6cc6c90bf1599.exe	29
PID 832 wrote to memory of 2936	832	abc15af4008e8832a0a6cc6c90bf1599.exe	29
PID 832 wrote to memory of 2936	832	abc15af4008e8832a0a6cc6c90bf1599.exe	29
PID 832 wrote to memory of 2936	832	abc15af4008e8832a0a6cc6c90bf1599.exe	29
PID 832 wrote to memory of 2936	832	abc15af4008e8832a0a6cc6c90bf1599.exe	29
PID 2384 wrote to memory of 2208	2384	server_se.exe	32
PID 2384 wrote to memory of 2208	2384	server_se.exe	32
PID 2384 wrote to memory of 2208	2384	server_se.exe	32
PID 2384 wrote to memory of 2208	2384	server_se.exe	32
PID 2384 wrote to memory of 2208	2384	server_se.exe	32
PID 2384 wrote to memory of 2208	2384	server_se.exe	32
PID 2384 wrote to memory of 2208	2384	server_se.exe	32

C:\Users\Admin\AppData\Local\Temp\abc15af4008e8832a0a6cc6c90bf1599.exe
"C:\Users\Admin\AppData\Local\Temp\abc15af4008e8832a0a6cc6c90bf1599.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\server_se.exe
  "C:\server_se.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\SERVER~1.EXE > nul
    3⤵
    PID:2208
- C:\¼Ò³àsa.exe
  "C:\¼Ò³àsa.exe"
  2⤵
  - Executes dropped EXE
  PID:2936

C:\Windows\SysWOW64\conzrz.exe
C:\Windows\SysWOW64\conzrz.exe
1⤵
- Executes dropped EXE
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\server_se.exe

Filesize
1.0MB

MD5
25b839ba896917b0e8f29cb76daad781

SHA1
ba5d8c46534c38fec877ac7f972fc53516f5d120

SHA256
6914efea0c5bef4396dd9a548e5a12e21fa9ed7cdd4f5cd8ff5f3342510f292a

SHA512
0fc51a1ceaa6fde84e5defc83e7d5e284bad9d84d34948a62c98ea9091123c7c00df28b347c545e0df0eb3151ba121acd64b9778c2fec2ab95ea22ac7cead084

Download Submit
C:\¼Ò³àsa.exe

Filesize
384KB

MD5
ae2381b00c6fddd48a3aa2b2f6245df7

SHA1
caa4b850ff9f0d9c4aaf4ba7cf4190594035799f

SHA256
4d2fbd0727086715331680c06a2a79fd3ed1b003ea1386fab97f0d0fd878c653

SHA512
22c6d2eaeb1b96320171377cdc49cb0713430ca85fdecde108730d0a21bc96c43c11b0680505d12632d42100ee7a214dd005d490c3706135368246ea16d2d1a5

Download Submit
memory/832-8-0x0000000002990000-0x0000000002AA1000-memory.dmp

Filesize
1.1MB

Download
memory/832-12-0x0000000002990000-0x0000000002AA1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-446-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-443-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-426-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-432-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-436-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-441-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-447-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-442-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-457-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-462-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-468-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-472-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-477-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-483-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-488-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-487-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-486-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-485-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-484-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-482-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-481-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-480-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-479-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-478-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-476-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-475-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-474-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-473-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-471-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-470-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-469-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-467-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-466-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-465-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-464-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-463-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-461-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-460-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-459-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-458-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-456-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-455-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-454-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-453-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-451-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-450-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-449-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-448-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-10-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download
memory/2384-445-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-12742-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download
memory/2384-452-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-19-0x0000000074A40000-0x0000000074A87000-memory.dmp

Filesize
284KB

Download
memory/2384-440-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-439-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-438-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-437-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-435-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-434-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-433-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-431-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-430-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-429-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-428-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-427-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-1295-0x0000000002710000-0x0000000002891000-memory.dmp

Filesize
1.5MB

Download
memory/2384-1298-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-2884-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-2886-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-5245-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download
memory/2384-444-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2384-12187-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download
memory/2384-11193-0x00000000029C0000-0x0000000002AD1000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12242-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-7797-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-7799-0x0000000000D80000-0x0000000000F01000-memory.dmp

Filesize
1.5MB

Download
memory/2472-12189-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12191-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12193-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12199-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12201-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12203-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12209-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12211-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12213-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12215-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12185-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12220-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12218-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12224-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12226-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12230-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12232-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12234-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12236-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12238-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12240-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-5247-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12244-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12247-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12323-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12741-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download
memory/2472-12222-0x0000000000F60000-0x0000000001071000-memory.dmp

Filesize
1.1MB

Download