Analysis

  • max time kernel
    154s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/03/2024, 00:49

General

  • Target

    b35cd39d4d132e5fdd1561644f1d7f4c.exe

  • Size

    53KB

  • MD5

    b35cd39d4d132e5fdd1561644f1d7f4c

  • SHA1

    c250277669c65a5a8ca6af6676b94a7c0af8826a

  • SHA256

    994302eb33e3da38c27165b7ee9166f880faf46e353d4f21ae5d4d2f832494b0

  • SHA512

    85c789e69643aae65c429956add19c72e79ef2d3114ec62e4238339c33c39cbfd2a6db761c95b003e74eab68d8e6699e8b6e5e810e8ad820019a131d48d5d260

  • SSDEEP

    768:N/EdeVWoFxMq08vcGz+eIPKjKsiYiReftGZ4m7ai5zqqhdGlT18RuvTx2wexIdeV:N/R108EBKY4fU6m7p5zqYiaobz

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  • Drops file in System32 directory (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:612
    • C:\Users\Admin\AppData\Local\Temp\b35cd39d4d132e5fdd1561644f1d7f4c.exe
      "C:\Users\Admin\AppData\Local\Temp\b35cd39d4d132e5fdd1561644f1d7f4c.exe"
      1⤵
      • Modifies WinLogon for persistence
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4396

Network

MITRE ATT&CK Enterprise v15


Downloads

            • memory/612-15-0x0000000000400000-0x000000000042B000-memory.dmp

              Filesize

              172KB

            • memory/612-24-0x0000000012D80000-0x0000000012DAB000-memory.dmp

              Filesize

              172KB

            • memory/612-33-0x0000000012DB0000-0x0000000012DDB000-memory.dmp

              Filesize

              172KB

            • memory/612-42-0x0000000012DE0000-0x0000000012E0B000-memory.dmp

              Filesize

              172KB

            • memory/612-51-0x0000000012E10000-0x0000000012E3B000-memory.dmp

              Filesize

              172KB

            • memory/612-60-0x0000000012E40000-0x0000000012E6B000-memory.dmp

              Filesize

              172KB

            • memory/612-69-0x0000000012E70000-0x0000000012E9B000-memory.dmp

              Filesize

              172KB

            • memory/612-78-0x0000000012EA0000-0x0000000012ECB000-memory.dmp

              Filesize

              172KB

            • memory/612-87-0x0000000012ED0000-0x0000000012EFB000-memory.dmp

              Filesize

              172KB

            • memory/612-96-0x0000000012F00000-0x0000000012F2B000-memory.dmp

              Filesize

              172KB

            • memory/612-105-0x0000000012F30000-0x0000000012F5B000-memory.dmp

              Filesize

              172KB

            • memory/612-114-0x0000000012F60000-0x0000000012F8B000-memory.dmp

              Filesize

              172KB

            • memory/612-123-0x0000000012F90000-0x0000000012FBB000-memory.dmp

              Filesize

              172KB

            • memory/612-132-0x0000000012FC0000-0x0000000012FEB000-memory.dmp

              Filesize

              172KB

            • memory/612-141-0x0000000012FF0000-0x000000001301B000-memory.dmp

              Filesize

              172KB

            • memory/612-150-0x0000000013020000-0x000000001304B000-memory.dmp

              Filesize

              172KB

            • memory/612-159-0x0000000013050000-0x000000001307B000-memory.dmp

              Filesize

              172KB

            • memory/612-168-0x0000000013080000-0x00000000130AB000-memory.dmp

              Filesize

              172KB

            • memory/612-177-0x00000000130B0000-0x00000000130DB000-memory.dmp

              Filesize

              172KB

            • memory/612-186-0x00000000130E0000-0x000000001310B000-memory.dmp

              Filesize

              172KB

            • memory/612-195-0x0000000013110000-0x000000001313B000-memory.dmp

              Filesize

              172KB

            • memory/612-204-0x0000000013140000-0x000000001316B000-memory.dmp

              Filesize

              172KB

            • memory/612-213-0x0000000013170000-0x000000001319B000-memory.dmp

              Filesize

              172KB

            • memory/612-222-0x00000000131A0000-0x00000000131CB000-memory.dmp

              Filesize

              172KB

            • memory/612-231-0x00000000131D0000-0x00000000131FB000-memory.dmp

              Filesize

              172KB

            • memory/612-240-0x0000000013200000-0x000000001322B000-memory.dmp

              Filesize

              172KB

            • memory/612-249-0x0000000013230000-0x000000001325B000-memory.dmp

              Filesize

              172KB

            • memory/612-258-0x0000000013260000-0x000000001328B000-memory.dmp

              Filesize

              172KB

            • memory/612-267-0x0000000013290000-0x00000000132BB000-memory.dmp

              Filesize

              172KB

            • memory/612-276-0x00000000132C0000-0x00000000132EB000-memory.dmp

              Filesize

              172KB

            • memory/612-285-0x00000000132F0000-0x000000001331B000-memory.dmp

              Filesize

              172KB

            • memory/612-294-0x0000000013320000-0x000000001334B000-memory.dmp

              Filesize

              172KB

            • memory/612-303-0x0000000013350000-0x000000001337B000-memory.dmp

              Filesize

              172KB

            • memory/612-312-0x0000000013380000-0x00000000133AB000-memory.dmp

              Filesize

              172KB

            • memory/612-321-0x00000000133B0000-0x00000000133DB000-memory.dmp

              Filesize

              172KB

            • memory/612-330-0x00000000133E0000-0x000000001340B000-memory.dmp

              Filesize

              172KB

            • memory/612-339-0x0000000013410000-0x000000001343B000-memory.dmp

              Filesize

              172KB

            • memory/612-348-0x0000000013440000-0x000000001346B000-memory.dmp

              Filesize

              172KB

            • memory/612-357-0x0000000013470000-0x000000001349B000-memory.dmp

              Filesize

              172KB

            • memory/612-366-0x00000000134A0000-0x00000000134CB000-memory.dmp

              Filesize

              172KB

            • memory/612-375-0x00000000134D0000-0x00000000134FB000-memory.dmp

              Filesize

              172KB

            • memory/612-384-0x0000000013500000-0x000000001352B000-memory.dmp

              Filesize

              172KB

            • memory/612-393-0x0000000013530000-0x000000001355B000-memory.dmp

              Filesize

              172KB

            • memory/612-402-0x0000000013560000-0x000000001358B000-memory.dmp

              Filesize

              172KB

            • memory/612-411-0x0000000013590000-0x00000000135BB000-memory.dmp

              Filesize

              172KB

            • memory/612-420-0x00000000135C0000-0x00000000135EB000-memory.dmp

              Filesize

              172KB

            • memory/612-429-0x00000000135F0000-0x000000001361B000-memory.dmp

              Filesize

              172KB

            • memory/612-438-0x0000000013620000-0x000000001364B000-memory.dmp

              Filesize

              172KB

            • memory/612-447-0x0000000013650000-0x000000001367B000-memory.dmp

              Filesize

              172KB

            • memory/612-456-0x0000000013680000-0x00000000136AB000-memory.dmp

              Filesize

              172KB

            • memory/612-465-0x00000000136B0000-0x00000000136DB000-memory.dmp

              Filesize

              172KB

            • memory/612-474-0x00000000136E0000-0x000000001370B000-memory.dmp

              Filesize

              172KB

            • memory/612-483-0x0000000013710000-0x000000001373B000-memory.dmp

              Filesize

              172KB

            • memory/612-492-0x0000000013740000-0x000000001376B000-memory.dmp

              Filesize

              172KB

            • memory/612-501-0x0000000013770000-0x000000001379B000-memory.dmp

              Filesize

              172KB

            • memory/612-510-0x00000000137A0000-0x00000000137CB000-memory.dmp

              Filesize

              172KB

            • memory/612-519-0x00000000137D0000-0x00000000137FB000-memory.dmp

              Filesize

              172KB

            • memory/612-528-0x0000000013800000-0x000000001382B000-memory.dmp

              Filesize

              172KB

            • memory/612-537-0x0000000013830000-0x000000001385B000-memory.dmp

              Filesize

              172KB

            • memory/612-546-0x0000000013860000-0x000000001388B000-memory.dmp

              Filesize

              172KB

            • memory/612-555-0x0000000013890000-0x00000000138BB000-memory.dmp

              Filesize

              172KB

            • memory/612-564-0x00000000138C0000-0x00000000138EB000-memory.dmp

              Filesize

              172KB

            • memory/1264-0-0x0000000000400000-0x000000000042B000-memory.dmp

              Filesize

              172KB

            • memory/1264-2-0x0000000000400000-0x000000000042B000-memory.dmp

              Filesize

              172KB