Analysis

  • max time kernel
    17s
  • max time network
    22s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/03/2024, 18:17

Errors

Reason
Machine shutdown

General

  • Target

    c146a3211b790671dce4bcbb33f4d1d0.exe

  • Size

    92KB

  • MD5

    c146a3211b790671dce4bcbb33f4d1d0

  • SHA1

    8af0e6574014e4f68f77202e3fa238e1d7282241

  • SHA256

    ec5a15cb3b74a79706af4c6592ce7b5fd145aa11d03afb699b35b48ec308f603

  • SHA512

    d0cfbb93562d36253cfce744d91202d1f5371f793e55c5d460064bd20d201476b939fd9b4892de6752945eadcce0b08b33f411fbe2432d83968f4d86af2abe74

  • SSDEEP

    1536:td2h0N8B7NfMh9oe7XYD7qu++rX+bkrFq5EPDY0N5u8xIMos+:tdiRNgbID7F+6+whPDY0lIMob

Score
8/10

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c146a3211b790671dce4bcbb33f4d1d0.exe
    "C:\Users\Admin\AppData\Local\Temp\c146a3211b790671dce4bcbb33f4d1d0.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4812
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39f5855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:1048

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4812-0-0x0000000001000000-0x0000000001018000-memory.dmp
    Filesize: 96KB
  • memory/4812-1-0x0000000001000000-0x0000000001018000-memory.dmp
    Filesize: 96KB
  • memory/4812-2-0x0000000000E40000-0x0000000000E41000-memory.dmp
    Filesize: 4KB
  • memory/4812-3-0x0000000001000000-0x0000000001018000-memory.dmp
    Filesize: 96KB