Analysis

  • max time kernel
    153s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-03-2024 23:32

General

  • Target

    Trojan/666mm psy/666mm psy.exe

  • Size

    7KB

  • MD5

    0094d516fb8b1cd38dbc22320db9d57c

  • SHA1

    70dec0d081c29461c1a534905fa3ca13f559eaf9

  • SHA256

    16f61017a179c22b18ef3b9207b1fa4dc8bc242fd36c9e73192b1a20a088e506

  • SHA512

    2fe0b815f5aee8f7b1f61d69ab8ec9e981b087a05914c64af230258f85854982026303014d997414941ec0c22c85e1ea057eb0b235883156729ce977efdbd3d0

  • SSDEEP

    96:0P67TeuaABBDSyst9pvr51V+65lssssssso:0y7TqABBW517lssssssso

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan\666mm psy\666mm psy.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan\666mm psy\666mm psy.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:440
    • C:\Windows\SysWOW64\cmd.exe
      /c ""C:\Users\Admin\AppData\Local\Temp\240672875.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1440
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /F /IM explorer.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4968
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3740

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\240672875.bat

    Filesize

    911B

    MD5

    2e90ad588f5329388216c652eebd4a33

    SHA1

    baa4f47ee4f195d854f8db905fcbb2539556f0e0

    SHA256

    6f88a1b6fb5975e2e49b33e7c9dabb593b18b2e7254bbe41263a9acc7294c2ac

    SHA512

    b793ffcfca291e52855dd92ce1f948ce8b6f6bfe0e9a878cf7c37630b621eb417fe8b720bea8f088bec98b26c6e379bb1212d8518bb6ebed8b9840e2f9f9f778

  • memory/440-2-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB