Analysis

max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13-03-2024 23:18
Static task: static1

Behavioral task: behavioral1
  Sample: c719f024ef2c073647ad1b40e71756ca.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: c719f024ef2c073647ad1b40e71756ca.exe
  Resource: win10v2004-20240226-en
General

Target: c719f024ef2c073647ad1b40e71756ca.exe
Size: 8KB
MD5: c719f024ef2c073647ad1b40e71756ca
SHA1: ede4c02d1c2ea363149de2a041762e3d58e18f35
SHA256: b95b05b9c17fb54a247fd1eee8f04b43f9aae38f7e77f21bcc3c5bd46532a1c6
SHA512: 55109bbb1796fdd3d44cbb80947275793f1ebce29ba79d0c811095440e8d5bcbee3cc21ae06dce0ebaa6a953298d92cdd7905991df59286897bccc5ad4e68dfe
SSDEEP: 96:VMO0H2k1BqT43fsQd7tpfZlBLs/CSDhElHqvHT2rFuyiob/ZxvDytTkPtaCznS+b:aHl1c4P9BfSDTgoobytTc7SyS4XO/Fap
Malware Config
Signatures

Deletes itself (1 IoC)
  pid   Process
  2960  cmd.exe

Loads dropped DLL (2 IoCs)
  pid   Process
  2164  c719f024ef2c073647ad1b40e71756ca.exe
  2164  c719f024ef2c073647ad1b40e71756ca.exe

Drops file in System32 directory (1 IoC)
  description   ioc                                 Process
  File created  C:\Windows\SysWOW64\srpi32.log      c719f024ef2c073647ad1b40e71756ca.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2164  c719f024ef2c073647ad1b40e71756ca.exe
  2164  c719f024ef2c073647ad1b40e71756ca.exe

Suspicious behavior: LoadsDriver (2 IoCs)
  pid   Process
  2164  c719f024ef2c073647ad1b40e71756ca.exe
  484   Process not Found

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description                   pid   Process
  Token: SeLoadDriverPrivilege  2164  c719f024ef2c073647ad1b40e71756ca.exe

Suspicious use of WriteProcessMemory (5 IoCs)
  description                        pid   Process                                procid_target
  PID 2164 wrote to memory of 1192   2164  c719f024ef2c073647ad1b40e71756ca.exe   21
  PID 2164 wrote to memory of 2960   2164  c719f024ef2c073647ad1b40e71756ca.exe   28
  PID 2164 wrote to memory of 2960   2164  c719f024ef2c073647ad1b40e71756ca.exe   28
  PID 2164 wrote to memory of 2960   2164  c719f024ef2c073647ad1b40e71756ca.exe   28
  PID 2164 wrote to memory of 2960   2164  c719f024ef2c073647ad1b40e71756ca.exe   28
Processes

C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1192

  C:\Users\Admin\AppData\Local\Temp\c719f024ef2c073647ad1b40e71756ca.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\c719f024ef2c073647ad1b40e71756ca.exe"
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: LoadsDriver
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID: 2164

    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\c719f024ef2c073647ad1b40e71756ca.exe"
      - Deletes itself
      PID: 2960
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 5KB
MD5: fb9a87334c5c6971ad3df1615feb265e
SHA1: aeb076e10b59dcc68a62f6338f8fd4b1e0abcf7c
SHA256: bb21f4c2d44fa999a2dde1257affaf8c7b623bb22bf909516031ccc7ce27fc3a
SHA512: 336492133705275b63b6ed16f7cd6c5bdb72f4f104ab49e404f3c0c1ff318c34c65efa168b69175fcd5343cce204899b31c43cfd0064dabe6676ae575ac73d67