03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a.exe
Size

458KB
MD5

19fbd7eda8ef7a99a791125adc84b925
SHA1

5050175948b3c6cf76eb5d19efac39703d2e23a6
SHA256

03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a
SHA512

8044a5c1b4257aaec7aff5ef4a3b9f4f33586ddebbd50d6d3a2014845624fdd46e2cc8022f35c87573bfbd82d93e49702efa2a66ab396a10164efeb0d7cfb419
SSDEEP

6144:El/Lw/FSCDkuLEiKyYu+oyoSLareCAJBOiKCn2V/bSef8jJVwZCpg7cXxUXXYW:cCDLLEnVFHr6C2lOTwgp3UN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4708	ghboawxallnwjp.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4708	ghboawxallnwjp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4708	ghboawxallnwjp.exe
4708	ghboawxallnwjp.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 4708	4984	03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a.exe	89
PID 4984 wrote to memory of 4708	4984	03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a.exe	89

C:\Users\Admin\AppData\Local\Temp\03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a.exe
"C:\Users\Admin\AppData\Local\Temp\03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Users\Admin\AppData\Local\Temp\ykmoncpwznaq\ghboawxallnwjp.exe
  "C:\Users\Admin\AppData\Local\Temp\ykmoncpwznaq\ghboawxallnwjp.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ykmoncpwznaq\ghboawxallnwjp.exe

Filesize
7KB

MD5
a920f9982ebe898cfe8186862bdd73c9

SHA1
cc2124916313fe766b4cdba6ddbbe0650269e1e1

SHA256
861fe2aedc282e1e4c76af368c02e6aeb0d2cf342da77b0540b2456e3928fa38

SHA512
af2c8529e19cb0a020142477b30b01d5a9f3a465e1d3c09f3e7f84bb78594eb07c16196576402926fc98789a72329b9d367fc6464581c2fd6641f971784ee175

Download Submit
C:\Users\Admin\AppData\Local\Temp\ykmoncpwznaq\parent.txt

Filesize
458KB

MD5
19fbd7eda8ef7a99a791125adc84b925

SHA1
5050175948b3c6cf76eb5d19efac39703d2e23a6

SHA256
03289aedf1e87700add5ee59738254a63e89583d787dbcbbddb4a247de6e071a

SHA512
8044a5c1b4257aaec7aff5ef4a3b9f4f33586ddebbd50d6d3a2014845624fdd46e2cc8022f35c87573bfbd82d93e49702efa2a66ab396a10164efeb0d7cfb419

Download Submit
memory/4708-14-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-15-0x0000000020110000-0x0000000020172000-memory.dmp

Filesize
392KB

Download
memory/4708-8-0x00007FFC73630000-0x00007FFC73FD1000-memory.dmp

Filesize
9.6MB

Download
memory/4708-9-0x000000001C470000-0x000000001C93E000-memory.dmp

Filesize
4.8MB

Download
memory/4708-10-0x000000001C9E0000-0x000000001CA7C000-memory.dmp

Filesize
624KB

Download
memory/4708-11-0x0000000001600000-0x0000000001608000-memory.dmp

Filesize
32KB

Download
memory/4708-12-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-13-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-7-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-6-0x000000001BF00000-0x000000001BF44000-memory.dmp

Filesize
272KB

Download
memory/4708-5-0x00007FFC73630000-0x00007FFC73FD1000-memory.dmp

Filesize
9.6MB

Download
memory/4708-18-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-27-0x00000000224D0000-0x0000000022C76000-memory.dmp

Filesize
7.6MB

Download
memory/4708-28-0x00007FFC73630000-0x00007FFC73FD1000-memory.dmp

Filesize
9.6MB

Download
memory/4708-29-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-30-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-31-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-32-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download
memory/4708-33-0x0000000001720000-0x0000000001730000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads