2a131c51ef508ee97bed81ab1f8d6724e9c204e9e7f3a4b582a6d166566becf9

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae2635114829eb0aae2b46af4df3afd1.exe
Size

174KB
MD5

ae2635114829eb0aae2b46af4df3afd1
SHA1

e218ea9a073f8847e893b85ccf02bb7efb63695b
SHA256

2a131c51ef508ee97bed81ab1f8d6724e9c204e9e7f3a4b582a6d166566becf9
SHA512

1fa171ceb6260e4c86d78f801b59d3ed7dbdb97c6b947a0d2cd6b07a32912ccb0b4fcd10667d64dc8a8af288e28081924c03c3384e597cc7dcde6867399e331f
SSDEEP

3072:W30pKrjCTJ6NhBicoaeFTorbwn/DEYIEjOvidBzmjkYLGWBXSy+wInkLS3wip13N:FqjkJ6NhBic2tofw7EYPOadBzIDuy+wz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
1752	ae2635114829eb0aae2b46af4df3afd1.exe
1752	ae2635114829eb0aae2b46af4df3afd1.exe
1752	ae2635114829eb0aae2b46af4df3afd1.exe
1812	svchost.exe
1812	svchost.exe
1812	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1752	ae2635114829eb0aae2b46af4df3afd1.exe
1752	ae2635114829eb0aae2b46af4df3afd1.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
1752	ae2635114829eb0aae2b46af4df3afd1.exe
1752	ae2635114829eb0aae2b46af4df3afd1.exe
1752	ae2635114829eb0aae2b46af4df3afd1.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1752	ae2635114829eb0aae2b46af4df3afd1.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2468	1752	ae2635114829eb0aae2b46af4df3afd1.exe	28
PID 1752 wrote to memory of 2468	1752	ae2635114829eb0aae2b46af4df3afd1.exe	28
PID 1752 wrote to memory of 2468	1752	ae2635114829eb0aae2b46af4df3afd1.exe	28
PID 1752 wrote to memory of 2468	1752	ae2635114829eb0aae2b46af4df3afd1.exe	28
PID 1752 wrote to memory of 1812	1752	ae2635114829eb0aae2b46af4df3afd1.exe	29
PID 1752 wrote to memory of 1812	1752	ae2635114829eb0aae2b46af4df3afd1.exe	29
PID 1752 wrote to memory of 1812	1752	ae2635114829eb0aae2b46af4df3afd1.exe	29
PID 1752 wrote to memory of 1812	1752	ae2635114829eb0aae2b46af4df3afd1.exe	29
PID 1752 wrote to memory of 2656	1752	ae2635114829eb0aae2b46af4df3afd1.exe	30
PID 1752 wrote to memory of 2656	1752	ae2635114829eb0aae2b46af4df3afd1.exe	30
PID 1752 wrote to memory of 2656	1752	ae2635114829eb0aae2b46af4df3afd1.exe	30
PID 1752 wrote to memory of 2656	1752	ae2635114829eb0aae2b46af4df3afd1.exe	30

C:\Users\Admin\AppData\Local\Temp\ae2635114829eb0aae2b46af4df3afd1.exe
"C:\Users\Admin\AppData\Local\Temp\ae2635114829eb0aae2b46af4df3afd1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:2468
- C:\Windows\SysWOW64\svchost.exe
  -k netsvcs
  2⤵
  - Loads dropped DLL
  PID:1812
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\65A6.tmp

Filesize
448KB

MD5
03ed4eb8ae0fa5058198a9da4b96190d

SHA1
b38fab6b76ca4f83bd14ea10d5abb5fd7a5f119f

SHA256
7d9b2bb04140f72c4a8c9073f0782c490f2f245a32046ebb2716e41b0b4b24d6

SHA512
09a17b9dac4a28120b64c47f207ebe39255e91e0e35606668dbd853f79359e44adf4c865a61300e5d681d1e5df3490c6b3a3c4d032cf6010108a27ce57200aae

Download Submit
\Users\Admin\AppData\Local\Temp\62B9.tmp

Filesize
1.2MB

MD5
d124f55b9393c976963407dff51ffa79

SHA1
2c7bbedd79791bfb866898c85b504186db610b5d

SHA256
ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

SHA512
278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

Download Submit
\Users\Admin\AppData\Local\Temp\6365.tmp

Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
\Users\Admin\AppData\Local\Temp\63F3.tmp

Filesize
202KB

MD5
7ff15a4f092cd4a96055ba69f903e3e9

SHA1
a3d338a38c2b92f95129814973f59446668402a8

SHA256
1b594e6d057c632abb3a8cf838157369024bd6b9f515ca8e774b22fe71a11627

SHA512
4b015d011c14c7e10568c09bf81894681535efb7d76c3ef9071fffb3837f62b36e695187b2d32581a30f07e79971054e231a2ca4e8ad7f0f83d5876f8c086dae

Download Submit
\Users\Admin\AppData\Local\Temp\65A6.tmp

Filesize
512KB

MD5
87b64244f6ae6606d3bb887eb8f6c1c7

SHA1
23c5ef2c0706e2957d808d3970bd395d131348d4

SHA256
404d360fe29cccf1762acfbad31905b832e8dbedaa92fca1dd5da1c4d31661a5

SHA512
aac7c9c98434b7e36094528b606b9d37c34073c975223d55b6c1d9755b6117ffa745987ad34521033218f9a863c28196ca17860adcf5ab416536e27d04567d0c

Download Submit
\Users\Admin\AppData\Local\Temp\65D6.tmp

Filesize
256KB

MD5
98be413d96789bc7367f74d5b51711bc

SHA1
658db4b47f8efb68810e66aa81bef809aa37de5d

SHA256
d163327d55ebe58b6cadbd57f360a63c803396c46305ac3c7481cc7d41fbbb6a

SHA512
14b90a702a3f50d4629b731860774d88978dd4721f7d6f6e9cb19e12b7b2d909cf39514677b8cb7d94add5204713f20d98c7a7b3aaf977582b7cdaf5675b0daf

Download Submit
\Users\Admin\AppData\Local\Temp\6615.tmp

Filesize
128KB

MD5
12733226204447c3a8fa470d5ca470f7

SHA1
6be9b6b2948ced68b67d8a00a67e8433e62fd44e

SHA256
9f55be00f496249a203d9cc0af2be61862e3280c0e7eeec568ebdf20c3c02431

SHA512
e8dd6b57e84884b01c15a53f9e98cf45fbd3e7dd2d64cde489630050ffa07db2c8691cbaa5cf289eb28ed1262712fff990e74d34db0d3aa7e81696d3d04711d6

Download Submit
memory/1752-44-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-32-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-38-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-39-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-37-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-41-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-51-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-63-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-64-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-66-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-62-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-60-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-59-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-58-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-34-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-55-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-54-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-53-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-52-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-50-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-49-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-48-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-47-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-46-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-45-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-22-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-43-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-42-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-28-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-36-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-33-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-35-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-31-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-30-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-27-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-26-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-25-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-24-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-23-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-21-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-20-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-67-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-68-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-69-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-70-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-71-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-72-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-74-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-73-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-75-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-79-0x0000000000020000-0x000000000007C000-memory.dmp

Filesize
368KB

Download
memory/1752-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1752-2-0x0000000000020000-0x000000000007C000-memory.dmp

Filesize
368KB

Download
memory/1752-1-0x00000000002F0000-0x0000000000311000-memory.dmp

Filesize
132KB

Download
memory/1752-0-0x00000000002C0000-0x00000000002E6000-memory.dmp

Filesize
152KB

Download
memory/1812-81-0x0000000000080000-0x00000000000D1000-memory.dmp

Filesize
324KB

Download
memory/1812-102-0x0000000000080000-0x00000000000D1000-memory.dmp

Filesize
324KB

Download
memory/2468-80-0x0000000000120000-0x0000000000171000-memory.dmp

Filesize
324KB

Download
memory/2468-98-0x0000000000120000-0x0000000000171000-memory.dmp

Filesize
324KB

Download
memory/2468-103-0x0000000000120000-0x0000000000171000-memory.dmp

Filesize
324KB

Download