Overview

overview

8

Static

static

3

63f2ab9a7f...a9.exe

windows7-x64

8

63f2ab9a7f...a9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 01:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    63f2ab9a7f787ee530b9ed91605f74a9.exe

  • Size

    168KB

  • MD5

    63f2ab9a7f787ee530b9ed91605f74a9

  • SHA1

    dbc2304b7404405979d1548f0f0e92bf593e1440

  • SHA256

    1a91c8f99c5ba1028dfe0605a68b7f6c0d5868964bd861484cbaa7898d4a3472

  • SHA512

    3b06c1efa11186f1f8984e0d3e20baafe58bebb72df6a5d3e00a1cd3dc5729cde8d8ccaece7b60a9a5342e702bab77121fa05465718e2f894ee04e975022f31d

  • SSDEEP

    1536:1EGh0oBlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oBlqOPOe2MUVg3Ve+rX

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 22 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Drops file in Windows directory 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63f2ab9a7f787ee530b9ed91605f74a9.exe
    "C:\Users\Admin\AppData\Local\Temp\63f2ab9a7f787ee530b9ed91605f74a9.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\{8F2C1B8F-B773-47a0-8382-CB4A903CA3D7}.exe
      C:\Windows\{8F2C1B8F-B773-47a0-8382-CB4A903CA3D7}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Windows\{C29801D1-2A9A-4df9-AB98-D50852A6D621}.exe
        C:\Windows\{C29801D1-2A9A-4df9-AB98-D50852A6D621}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Windows\{323637D5-2398-4ee3-8081-38CDCAD3C532}.exe
          C:\Windows\{323637D5-2398-4ee3-8081-38CDCAD3C532}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2428
          • C:\Windows\{3CD7ADF7-DCF0-4f2f-850D-FC197239A4AE}.exe
            C:\Windows\{3CD7ADF7-DCF0-4f2f-850D-FC197239A4AE}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2940
            • C:\Windows\{37F3DBCC-AC36-4904-B688-C951BF02ED26}.exe
              C:\Windows\{37F3DBCC-AC36-4904-B688-C951BF02ED26}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:2884
              • C:\Windows\{C5CBF419-5004-4138-BE76-A7896BD94B1F}.exe
                C:\Windows\{C5CBF419-5004-4138-BE76-A7896BD94B1F}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1228
                • C:\Windows\{E33F3022-58A7-43b4-90B4-67BC50507D3C}.exe
                  C:\Windows\{E33F3022-58A7-43b4-90B4-67BC50507D3C}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2632
                  • C:\Windows\{49545901-5045-46cd-A727-86BBB6AFC926}.exe
                    C:\Windows\{49545901-5045-46cd-A727-86BBB6AFC926}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2776
                    • C:\Windows\{44AF23FA-B552-4f46-9DC8-548B46B5706A}.exe
                      C:\Windows\{44AF23FA-B552-4f46-9DC8-548B46B5706A}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1208
                      • C:\Windows\{5EF9A178-40AC-4651-A77A-0C9DC6A7370E}.exe
                        C:\Windows\{5EF9A178-40AC-4651-A77A-0C9DC6A7370E}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2076
                        • C:\Windows\{7CC9382C-0AE9-4a95-A45F-3B83FD89CE28}.exe
                          C:\Windows\{7CC9382C-0AE9-4a95-A45F-3B83FD89CE28}.exe
                          12⤵
                          • Executes dropped EXE
                          PID:2856
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{5EF9A~1.EXE > nul
                          12⤵
                            PID:2072
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{44AF2~1.EXE > nul
                          11⤵
                            PID:2096
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{49545~1.EXE > nul
                          10⤵
                            PID:1132
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{E33F3~1.EXE > nul
                          9⤵
                            PID:2744
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C5CBF~1.EXE > nul
                          8⤵
                            PID:1380
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{37F3D~1.EXE > nul
                          7⤵
                            PID:868
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{3CD7A~1.EXE > nul
                          6⤵
                            PID:2956
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{32363~1.EXE > nul
                          5⤵
                            PID:2148
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{C2980~1.EXE > nul
                          4⤵
                            PID:2536
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Windows\{8F2C1~1.EXE > nul
                          3⤵
                            PID:2408
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\63F2AB~1.EXE > nul
                          2⤵
                            PID:1996

                        Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Windows\{323637D5-2398-4ee3-8081-38CDCAD3C532}.exe
                                Filesize

                                168KB

                                MD5

                                5961720df5d7df9d3040a86f78d0a970

                                SHA1

                                d3461aa65ec3ea5744b19e3ab7eff63c688fed28

                                SHA256

                                5287aaf32870a8c9b48d454c0fd02386f5eead381d34d164e127474a44f44c0e

                                SHA512

                                02ca3b88abf95478a5d597bf0d571b3b4a111b204c42bebf11f7418c2e8eeb710e8e2fd3fe421c2c47550233ad9a7ac6d52f244b66a18ed326ee110e69f498bd

                                Download Submit

                              • C:\Windows\{37F3DBCC-AC36-4904-B688-C951BF02ED26}.exe
                                Filesize

                                168KB

                                MD5

                                072be3c2c86a40de551733b8a6535ec7

                                SHA1

                                27d91cae8fc2f5554684a677b1e06ca563d4ef77

                                SHA256

                                0276b8171089aa3545479e3b2e4b64d870ad556cb7a8a9fdbde9ed737ce635a3

                                SHA512

                                547bbece538dcd3718288b98e821450fed09eef0d4d424dad59ac66111d4e505e0e511aaab6a3174b6a0351b9570ff193b62950379cd2a4032f2d8b74b74acd3

                                Download Submit

                              • C:\Windows\{3CD7ADF7-DCF0-4f2f-850D-FC197239A4AE}.exe
                                Filesize

                                168KB

                                MD5

                                e24cc6e282faf53f88a735e5061a9448

                                SHA1

                                dcb34d60d851a114e77dc574906fbffb2ea0457b

                                SHA256

                                fc84ddd8ee797c3e065cde03a41ccc7f8e7a397d88650af11ee630bc22e239a1

                                SHA512

                                a62d6258029045e9a0f922d577d44f4bcf1e6de218eff432f07f18336c0ff2894403a789a2e701fc510a28f41fa3ff74b7621fb8e9d51bd2398f0357632561de

                                Download Submit

                              • C:\Windows\{44AF23FA-B552-4f46-9DC8-548B46B5706A}.exe
                                Filesize

                                168KB

                                MD5

                                24d5b1d32bf0d37084169f93e3be0ba7

                                SHA1

                                4428b901092a4ef6ad28347fcc66f11325bc6102

                                SHA256

                                0cb6fc8c58283e5ae700e289c46dc4be1e6b4cd33d4318ab349b0f98d8e95b34

                                SHA512

                                10e0ea05feac798c7be5fcbcfd31a934d7c7148a751ce5dae4f22ce48cf04cde8f7b0eb61d27665efeeead8a1430912756e1b30112fd95b6cb8cfc6890f06301

                                Download Submit

                              • C:\Windows\{49545901-5045-46cd-A727-86BBB6AFC926}.exe
                                Filesize

                                168KB

                                MD5

                                fa8cd23dcd0cebf1893eb9fb1d0e0462

                                SHA1

                                96f409a7b85c83dc4efd81cabac2668e4db473e5

                                SHA256

                                cbb645c07f379e3c747728959891ca0f1a942d479870ba233a23edd96ed34d67

                                SHA512

                                e36a0c06911485cca3c6b29586bcfe95c890013356f185623088c35fb9292e1079d16e2c443e7e6b99f37c6319900ccc734de3fc36bb1357a7230657f2e81d08

                                Download Submit

                              • C:\Windows\{5EF9A178-40AC-4651-A77A-0C9DC6A7370E}.exe
                                Filesize

                                168KB

                                MD5

                                95cd475fd185934db05cc8732886312c

                                SHA1

                                21e15af108159a0617f4766333f618cd6da7b68a

                                SHA256

                                51d9199ebed980e46ca0d302e5638bc81ffe2e9db401d04242ed522cec62f937

                                SHA512

                                cd1d4674e1b22844846a5f8f999622c56327e965ffffc5e486a7bb26c2a79e3a0c437f664089089dae43084ed0e6882ee0e4045cbc369d7b8196767ff4ae84c8

                                Download Submit

                              • C:\Windows\{7CC9382C-0AE9-4a95-A45F-3B83FD89CE28}.exe
                                Filesize

                                168KB

                                MD5

                                bf57c4448368874104ec86252f5032f7

                                SHA1

                                d67af3b43313343f3558f41c58da3dc072225d35

                                SHA256

                                b1b3eba7140c9cbe548cc2bcaa74a0bcfa8bf0378182a7ac90a6b3f61f9c73ce

                                SHA512

                                95961f40beadd8eed535d54c5567b4fefa2a5ba7aee61c416fb86fe27928e908941d5df26c5129e9e73f81327d02c46bb6e2541fd57e7035468cb20368ad3f7e

                                Download Submit

                              • C:\Windows\{8F2C1B8F-B773-47a0-8382-CB4A903CA3D7}.exe
                                Filesize

                                168KB

                                MD5

                                674982d27b85f1e1bce38e879f707665

                                SHA1

                                ef1332c02fa15e0f0d864a4464ec0b600f7b2ed7

                                SHA256

                                95c065e7a39cfb87d7b9a1c36d46b452f98526f4670ab916b9bf52f447576528

                                SHA512

                                b5873e9dd28a3d08a88b2ccda1791280352b66879fda11c60b461b3931f1877cca6d36acda7a6fb71a54cbb37598d127eb40fd79c59079acbd7a6a66e2a4fbe4

                                Download Submit

                              • C:\Windows\{C29801D1-2A9A-4df9-AB98-D50852A6D621}.exe
                                Filesize

                                168KB

                                MD5

                                9a5c1e59c12ce9bd1902dd5d6a52fc14

                                SHA1

                                92c6c474e4db2b1bbf7e1bfe62d146d0fa692435

                                SHA256

                                d94fcabcd3adab0a3a41e381e36d763c6d2c4ec399d0f58824387c168976a8e1

                                SHA512

                                d67331774e1f86c50d06e394d8af56ff79058869bb7baebf7c34dfd26c3a404ca473ee3242a12952f572b8b5d8d825e2161b585671e574c997118fb3d30288b8

                                Download Submit

                              • C:\Windows\{C5CBF419-5004-4138-BE76-A7896BD94B1F}.exe
                                Filesize

                                168KB

                                MD5

                                de0a8b46c1ca1c6c8db9e762476068ad

                                SHA1

                                75d3114e947b27066a6f1254816b64690e33cc49

                                SHA256

                                6a960d9c7a32f3b3244373cd2233c02589d417a72288d8e3b1ea6dd59c9e5725

                                SHA512

                                f709c6696622600d43143186dcd41ff573be8e013c14888e919aff4d9c437509cc772df81f87fb3c65eb09643f6c58925e2cbde3435867125699729465235f72

                                Download Submit

                              • C:\Windows\{E33F3022-58A7-43b4-90B4-67BC50507D3C}.exe
                                Filesize

                                168KB

                                MD5

                                7d8f7900f19e79ca6ce1157ba4b4e129

                                SHA1

                                ac53096cb171caef95c379240961df992e2f9c2c

                                SHA256

                                1ae9e808a9bac01fa3fdd82ce11f883bb6238cdc87c0ad9458acdd05bac51382

                                SHA512

                                3b7158c325d30e78b35c4d165af3b95c5a688e07afeb829cf9bc56499c415649602a39d599c56f6ef0dd7869b601afe2d9e805364c1f31fcf5bb2acda7c84377

                                Download Submit