ad59fb30aa86c502d4cdab5bc85ca806df8b49d23c1fb95a8ad2c120e1e0763a

Analysis

max time kernel
179s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RoundedTB_canary20231016_2/RoundedTB/RoundedTB.exe
Size

183.4MB
MD5

d7dd1877fc68a100f4234ec597758403
SHA1

f9eeaa5cb786726219becb996bdf1b99015a015e
SHA256

e8d67e60369a57c85cca5d7628144445e2badd9943f32c79bc0e433fba1405df
SHA512

6f12c56c2ea94190d03ff352832015ee291fca47c52189b6a6b65726b17c24e1fc6671887d41c3259665858f464f1a9d61a3a24bb54ad507946bea82bab540f0
SSDEEP

786432:4p64yeKbOP+XcLXi9CnsTRtI9n1gmwky3Sg6NCvabCTDwtTtLwSTRpf4P1wT1tFj:4nK4gcLiCrymwk1nC3ADd

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
184	RoundedTB.exe
184	RoundedTB.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	184	RoundedTB.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe
184	RoundedTB.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
184	RoundedTB.exe

C:\Users\Admin\AppData\Local\Temp\RoundedTB_canary20231016_2\RoundedTB\RoundedTB.exe
"C:\Users\Admin\AppData\Local\Temp\RoundedTB_canary20231016_2\RoundedTB\RoundedTB.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/184-0-0x0000000180000000-0x0000000180A25000-memory.dmp

Filesize
10.1MB

Download
memory/184-3-0x0000027ADAF90000-0x0000027ADBF18000-memory.dmp

Filesize
15.5MB

Download
memory/184-8-0x00007FF7D4DD0000-0x00007FF7D5717000-memory.dmp

Filesize
9.3MB

Download
memory/184-6-0x0000027ADA000000-0x0000027ADA228000-memory.dmp

Filesize
2.2MB

Download
memory/184-10-0x0000027AD8E50000-0x0000027AD8FAE000-memory.dmp

Filesize
1.4MB

Download
memory/184-13-0x0000027AD8D50000-0x0000027AD8D94000-memory.dmp

Filesize
272KB

Download
memory/184-16-0x0000027AD8DA0000-0x0000027AD8DDE000-memory.dmp

Filesize
248KB

Download
memory/184-19-0x0000027ADBF20000-0x0000027ADC762000-memory.dmp

Filesize
8.3MB

Download
memory/184-22-0x0000027ADA2C0000-0x0000027ADA340000-memory.dmp

Filesize
512KB

Download
memory/184-25-0x0000027AD8D30000-0x0000027AD8D3D000-memory.dmp

Filesize
52KB

Download
memory/184-28-0x0000027AD8D20000-0x0000027AD8D25000-memory.dmp

Filesize
20KB

Download
memory/184-31-0x0000027AD8E00000-0x0000027AD8E13000-memory.dmp

Filesize
76KB

Download
memory/184-34-0x0000027AD8D40000-0x0000027AD8D47000-memory.dmp

Filesize
28KB

Download
memory/184-37-0x0000027AD8E20000-0x0000027AD8E39000-memory.dmp

Filesize
100KB

Download
memory/184-40-0x0000027AD8FB0000-0x0000027AD8FC6000-memory.dmp

Filesize
88KB

Download
memory/184-43-0x0000027ADA280000-0x0000027ADA2C0000-memory.dmp

Filesize
256KB

Download
memory/184-46-0x0000027AD8DE0000-0x0000027AD8DF8000-memory.dmp

Filesize
96KB

Download
memory/184-49-0x0000027ADA230000-0x0000027ADA242000-memory.dmp

Filesize
72KB

Download
memory/184-52-0x0000027ADA700000-0x0000027ADA7F4000-memory.dmp

Filesize
976KB

Download
memory/184-55-0x0000027AD8FF0000-0x0000027AD8FF8000-memory.dmp

Filesize
32KB

Download
memory/184-58-0x0000027ADA390000-0x0000027ADA3D7000-memory.dmp

Filesize
284KB

Download
memory/184-61-0x0000027ADA250000-0x0000027ADA27A000-memory.dmp

Filesize
168KB

Download
memory/184-64-0x0000027ADE9B0000-0x0000027ADF1CC000-memory.dmp

Filesize
8.1MB

Download
memory/184-157-0x00007FF7D4DD0000-0x00007FF7D5717000-memory.dmp

Filesize
9.3MB

Download