23ac1cc5389359ca2db660813760237473fc523f0b68caa183117e724b7ba2ad

General

Target

c39d86fa0e621796f6ebfead6a94929c.exe
Size

292KB
MD5

c39d86fa0e621796f6ebfead6a94929c
SHA1

f8ee4dcd578dd9bf768874bc8d83232142753d5d
SHA256

23ac1cc5389359ca2db660813760237473fc523f0b68caa183117e724b7ba2ad
SHA512

56531664916b4547392b330ed3c836ca0bfe4a9b86750c5a59633898ccb7290138b4742b409e3186e6f4c186f68e6d8f517c26a756b13ea7ad1a13aefb7abce9
SSDEEP

6144:sZ7b+VMOpce2nu8Cb9JAUworceODRhjXd4nY3PqgKw:0O/WCb9JLsMaqg5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1732	c39d86fa0e621796f6ebfead6a94929c.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3288 set thread context of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 set thread context of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3288	c39d86fa0e621796f6ebfead6a94929c.exe
3288	c39d86fa0e621796f6ebfead6a94929c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3288	c39d86fa0e621796f6ebfead6a94929c.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 2672	3288	c39d86fa0e621796f6ebfead6a94929c.exe	97
PID 3288 wrote to memory of 2672	3288	c39d86fa0e621796f6ebfead6a94929c.exe	97
PID 3288 wrote to memory of 2672	3288	c39d86fa0e621796f6ebfead6a94929c.exe	97
PID 3288 wrote to memory of 2760	3288	c39d86fa0e621796f6ebfead6a94929c.exe	99
PID 3288 wrote to memory of 2760	3288	c39d86fa0e621796f6ebfead6a94929c.exe	99
PID 3288 wrote to memory of 2760	3288	c39d86fa0e621796f6ebfead6a94929c.exe	99
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 4016	3288	c39d86fa0e621796f6ebfead6a94929c.exe	108
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109
PID 3288 wrote to memory of 1732	3288	c39d86fa0e621796f6ebfead6a94929c.exe	109

C:\Users\Admin\AppData\Local\Temp\c39d86fa0e621796f6ebfead6a94929c.exe
"C:\Users\Admin\AppData\Local\Temp\c39d86fa0e621796f6ebfead6a94929c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Windows\SysWOW64\CMD.exe
  "CMD"
  2⤵
  PID:2672
- C:\Windows\SysWOW64\CMD.exe
  "CMD"
  2⤵
  PID:2760
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\\AppLaunch.exe"
  2⤵
  PID:4016
- C:\Users\Admin\AppData\Local\Temp\c39d86fa0e621796f6ebfead6a94929c.exe
  "C:\Users\Admin\AppData\Local\Temp\c39d86fa0e621796f6ebfead6a94929c.exe"
  2⤵
  - Executes dropped EXE
  PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3736 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8
1⤵
PID:3584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c39d86fa0e621796f6ebfead6a94929c.exe

Filesize
292KB

MD5
c39d86fa0e621796f6ebfead6a94929c

SHA1
f8ee4dcd578dd9bf768874bc8d83232142753d5d

SHA256
23ac1cc5389359ca2db660813760237473fc523f0b68caa183117e724b7ba2ad

SHA512
56531664916b4547392b330ed3c836ca0bfe4a9b86750c5a59633898ccb7290138b4742b409e3186e6f4c186f68e6d8f517c26a756b13ea7ad1a13aefb7abce9

Download Submit
memory/1732-15-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/1732-20-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1732-19-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3288-14-0x0000000000C50000-0x0000000000D50000-memory.dmp

Filesize
1024KB

Download
memory/3288-4-0x0000000000C50000-0x0000000000D50000-memory.dmp

Filesize
1024KB

Download
memory/3288-1-0x0000000074DD0000-0x0000000075381000-memory.dmp

Filesize
5.7MB

Download
memory/3288-2-0x00000000010C0000-0x00000000010D0000-memory.dmp

Filesize
64KB

Download
memory/3288-18-0x0000000074DD0000-0x0000000075381000-memory.dmp

Filesize
5.7MB

Download
memory/3288-6-0x0000000000C50000-0x0000000000D50000-memory.dmp

Filesize
1024KB

Download
memory/3288-12-0x0000000074DD0000-0x0000000075381000-memory.dmp

Filesize
5.7MB

Download
memory/3288-13-0x00000000010C0000-0x00000000010D0000-memory.dmp

Filesize
64KB

Download
memory/3288-0-0x0000000074DD0000-0x0000000075381000-memory.dmp

Filesize
5.7MB

Download
memory/4016-11-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4016-7-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/4016-10-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4016-9-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4016-8-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing