452821fd685d6ceb7f4f574266b6956c3b321e8d4298918d7b392a98922ecc9a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 04:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bdb2961b494808b810db474d3e32a1c3.exe
Size

874KB
MD5

bdb2961b494808b810db474d3e32a1c3
SHA1

e04f26c056eda8ea8ad160e287c6bc91d7d851be
SHA256

452821fd685d6ceb7f4f574266b6956c3b321e8d4298918d7b392a98922ecc9a
SHA512

b6f2ea7dd726596f708401549e105227486f6b0be74ba1aa1dcb60ce3bf4bcd2c0459effbca7855c7d5f152dd9bf9dd226d5276e7800b1ad17ce273e70eb8e38
SSDEEP

24576:OUMLKmtvPyHu7BtwG/jjly9pNg4W7HM84cN+2QHCCV:ZiKmHyO1t9dp7s8FQ5

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
896	bdb2961b494808b810db474d3e32a1c3.exe
896	bdb2961b494808b810db474d3e32a1c3.exe
896	bdb2961b494808b810db474d3e32a1c3.exe
896	bdb2961b494808b810db474d3e32a1c3.exe
896	bdb2961b494808b810db474d3e32a1c3.exe
896	bdb2961b494808b810db474d3e32a1c3.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	bdb2961b494808b810db474d3e32a1c3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 3708	2400	bdb2961b494808b810db474d3e32a1c3.exe	87
PID 2400 wrote to memory of 3708	2400	bdb2961b494808b810db474d3e32a1c3.exe	87
PID 2400 wrote to memory of 3708	2400	bdb2961b494808b810db474d3e32a1c3.exe	87
PID 3708 wrote to memory of 896	3708	bdb2961b494808b810db474d3e32a1c3.exe	88
PID 3708 wrote to memory of 896	3708	bdb2961b494808b810db474d3e32a1c3.exe	88
PID 3708 wrote to memory of 896	3708	bdb2961b494808b810db474d3e32a1c3.exe	88

C:\Users\Admin\AppData\Local\Temp\bdb2961b494808b810db474d3e32a1c3.exe
"C:\Users\Admin\AppData\Local\Temp\bdb2961b494808b810db474d3e32a1c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\bdb2961b494808b810db474d3e32a1c3.exe
  "C:\Users\Admin\AppData\Local\Temp\bdb2961b494808b810db474d3e32a1c3.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3708
- - C:\Users\Admin\AppData\Local\Temp\bdb2961b494808b810db474d3e32a1c3.exe
    "C:\Users\Admin\AppData\Local\Temp\bdb2961b494808b810db474d3e32a1c3.exe"
    3⤵
    - Loads dropped DLL
    - Checks whether UAC is enabled
    PID:896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\T2MrT5gEqnMNsAZraKU\extramod.dll

Filesize
73KB

MD5
ce21df7bde07a787e392a5fea1cf5e87

SHA1
4f867f99ec2008c8e7104934a077144cb741c7f0

SHA256
c65e2ea4bc9b2598dea0551f4a66ce8f76bcfe7bdc0eb081fb1db02bf3596121

SHA512
fc7196485fcbf74befa18b15cf27ce81c5a74bbcaf38bd6697210ea93000a22e70f2a0afd2e670f40683d983569759eb4f991414b60e23756ec5e84e38a79576

Download Submit
C:\Users\Admin\AppData\Local\Temp\T2MrT5gEqnMNsAZraKU\loading_screen.dll

Filesize
5KB

MD5
44dac7f87bdf94d553f8d2cf073d605d

SHA1
21bf5d714b9fcab32ba40ff7d36e48c378b67a06

SHA256
0e7dedad1360a808e7ab1086ff1fffa7b72f09475c07a6991b74a6c6b78ccf66

SHA512
92c6bf81d514b3a07e7796843200a78c17969720776b03c0d347aeefedb8f1269f6aac642728a38544836c1f17c594d570718d11368dc91fe5194ee5e83e1774

Download Submit
C:\Users\Admin\AppData\Local\Temp\T2MrT5gEqnMNsAZraKU\lua51.dll

Filesize
494KB

MD5
f0c59526f8186eadaf2171b8fd2967c1

SHA1
8ffbe3e03d8139b50b41931c7b3360a0eebdb5cb

SHA256
6e35d85fe4365e508adc7faffc4517c29177380c2ba420f02c2b9ee03103d3f6

SHA512
dccd287c5f25cac346836e1140b743756178d01cd58539cf8fac12f7ae54d338bfb4364c650edb4d6018ef1f4065f7e9835d32fd608f8ae66c67a0ffd05e9854

Download Submit
C:\Users\Admin\AppData\Local\Temp\T2MrT5gEqnMNsAZraKU\shared_library.dll

Filesize
200KB

MD5
e99fb4e841e96ecf351229c3874147c7

SHA1
430c5614a8185f868afb682df6871bdd637036be

SHA256
6ad6fe3dc87e6c69ebcf1d56bcae791341cbade3a49444405a17a55beabe2d4b

SHA512
de3592852657d67bc0f693c2d1c868d1de3314cdbe6eaa8b79558f7bd5562cc3272e26d5507ad2fb58b5785fb9af0a8b05578afd569d12e7b1a3d786da9d1ac5

Download Submit
memory/896-18-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/896-17-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/896-14-0x0000000000790000-0x00000000007C6000-memory.dmp

Filesize
216KB

Download
memory/896-19-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/896-20-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/896-21-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/896-22-0x000000007FE30000-0x000000007FE40000-memory.dmp

Filesize
64KB

Download
memory/896-23-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/896-7-0x0000000000650000-0x0000000000666000-memory.dmp

Filesize
88KB

Download
memory/896-29-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download