3ece92463dcf24cb48108755946de3060883611669b3f54217e5600f06044883

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

baae7166db2043cb130b11250b1876fe.exe
Size

1.1MB
MD5

baae7166db2043cb130b11250b1876fe
SHA1

149ca24cd99231bbfa9b1802ace4912f648cd5b3
SHA256

3ece92463dcf24cb48108755946de3060883611669b3f54217e5600f06044883
SHA512

da23c754a84aab5bc0260d6c6e14536df897dd1db1cfb5749aec120c34d1ed31576386091bec51c38d63b2501a9a3f3403d4b527e3f5c703f437de03244171ac
SSDEEP

24576:FFWXykP5E3GkKJLqgam2UwVQCeYFC4W4:FFWXfoK1NamuQCecCF4

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe
2920	baae7166db2043cb130b11250b1876fe.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2920	baae7166db2043cb130b11250b1876fe.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1916	2920	baae7166db2043cb130b11250b1876fe.exe	30
PID 2920 wrote to memory of 1916	2920	baae7166db2043cb130b11250b1876fe.exe	30
PID 2920 wrote to memory of 1916	2920	baae7166db2043cb130b11250b1876fe.exe	30
PID 2920 wrote to memory of 1916	2920	baae7166db2043cb130b11250b1876fe.exe	30
PID 2920 wrote to memory of 2592	2920	baae7166db2043cb130b11250b1876fe.exe	31
PID 2920 wrote to memory of 2592	2920	baae7166db2043cb130b11250b1876fe.exe	31
PID 2920 wrote to memory of 2592	2920	baae7166db2043cb130b11250b1876fe.exe	31
PID 2920 wrote to memory of 2592	2920	baae7166db2043cb130b11250b1876fe.exe	31
PID 2920 wrote to memory of 2600	2920	baae7166db2043cb130b11250b1876fe.exe	32
PID 2920 wrote to memory of 2600	2920	baae7166db2043cb130b11250b1876fe.exe	32
PID 2920 wrote to memory of 2600	2920	baae7166db2043cb130b11250b1876fe.exe	32
PID 2920 wrote to memory of 2600	2920	baae7166db2043cb130b11250b1876fe.exe	32
PID 2920 wrote to memory of 2472	2920	baae7166db2043cb130b11250b1876fe.exe	33
PID 2920 wrote to memory of 2472	2920	baae7166db2043cb130b11250b1876fe.exe	33
PID 2920 wrote to memory of 2472	2920	baae7166db2043cb130b11250b1876fe.exe	33
PID 2920 wrote to memory of 2472	2920	baae7166db2043cb130b11250b1876fe.exe	33
PID 2920 wrote to memory of 2728	2920	baae7166db2043cb130b11250b1876fe.exe	34
PID 2920 wrote to memory of 2728	2920	baae7166db2043cb130b11250b1876fe.exe	34
PID 2920 wrote to memory of 2728	2920	baae7166db2043cb130b11250b1876fe.exe	34
PID 2920 wrote to memory of 2728	2920	baae7166db2043cb130b11250b1876fe.exe	34

C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe
"C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe
  "C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe"
  2⤵
  PID:1916
- C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe
  "C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe"
  2⤵
  PID:2592
- C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe
  "C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe"
  2⤵
  PID:2600
- C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe
  "C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe"
  2⤵
  PID:2472
- C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe
  "C:\Users\Admin\AppData\Local\Temp\baae7166db2043cb130b11250b1876fe.exe"
  2⤵
  PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2920-0-0x0000000000300000-0x000000000041A000-memory.dmp

Filesize
1.1MB

Download
memory/2920-1-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/2920-2-0x00000000047F0000-0x0000000004830000-memory.dmp

Filesize
256KB

Download
memory/2920-3-0x00000000002C0000-0x00000000002D8000-memory.dmp

Filesize
96KB

Download
memory/2920-4-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download
memory/2920-5-0x00000000047F0000-0x0000000004830000-memory.dmp

Filesize
256KB

Download
memory/2920-6-0x00000000056D0000-0x00000000057B4000-memory.dmp

Filesize
912KB

Download
memory/2920-7-0x00000000057F0000-0x0000000005868000-memory.dmp

Filesize
480KB

Download
memory/2920-8-0x0000000074470000-0x0000000074B5E000-memory.dmp

Filesize
6.9MB

Download